Cryptocurrency Fraud , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime
US Indicts Chinese National for Laundering DPRK Crypto
OFAC Adds Men to List of Specially Designated Nationals and Blocked PersonsA Chinese and a Hong Kong national are each under U.S. federal indictment for money laundering for their roles in channeling cryptocurrency stolen by North Korean hackers into hard currency and goods.
See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk
Prosecutors said Huihui Wu and Hung Man Cheng are over-the-counter cryptocurrency traders based China and Hong Kong, respectively. An unsealed indictment accuses the two men of converting virtual currency into fiat currency directly or by funneling converted stolen cryptocurrency into front companies that used the money to pay for goods such as tobacco and communications devices.
Department of Treasury officials said Wu provided material support to Pyongyang threat actor Lazarus Group, while Cheng provided material support to Wu.
An unknown user who goes by the online moniker of "live:jammychen0150" recruited Wu and Cheng sometime around 2018 to participate in the scheme, which was active through 2021. Jammy Chen, as federal prosecutors dub the unknown scheme member, received instructions for payments from a North Korea national now located in China-named Hyon Sop Sim, who also faces a money laundering charge related to the scheme.
Sim is also the subject of a separate money laundering indictment for his role as a representative of the Korea Kwangson Banking Corp., a North Korean financial institution sanctioned by the U.S. Department of the Treasury in 2013. In addition to directing Jammy Chen and his associates, Sim handled salaries paid in cryptocurrency by U.S.-based companies that unknowingly outsourced work to North Korean IT workers.
Federal prosecutors said Sim received $24 million worth of laundered virtual currency between 2021 and March of this year, at least half of which came from the salaries of outsourced North Korean workers. During that time, he was living in the United Arab Emirates. Treasury officials said he recent relocated to Dandong, China.
The Treasury Department's Office of Foreign Assets Control added each of the men to its blacklist of individuals prohibited from doing business with U.S. entities and whose assets should be blocked.
North Korean hackers were behind the largest virtual cryptocurrency heist to date, stealing almost $620 million in 2022 from Ronin Network, a sidechain tied to blockchain game Axie Infinity. Blockchain analysis firm Chainalysis calculated that North Korean hackers stole $1.7 billion worth of cryptocurrency during 2022 (see: Banner Year for North Korean Cryptocurrency Hacking). The cash-strapped Kim regime uses cryptocurrency theft to pump up its lagging finances, using the money to finance development of weapons of mass destruction.
Updated April 24, 17:47 UTC: Updated throughout with additional information.
This is a developing story; check back for updates.