How North Korea Laundered $100 Million of Stolen Crypto Through Several Banks and Cryptocurrency Exchanges
March 13, 2020 8:11 pm
CipherTrace, a blockchain forensics firm, has issued a thorough study of how two Chinese citizens connected with North Korea laundered $100 million worth of stolen cryptocurrency.
Both are believed to be linked with the shadowy Lazarus Group, which was also found responsible for the Sony breach in 2014, the WannaCry ransomware epidemic in 2017, and a $7 million attack on Bithumb (also in 2017).
Among other tricks, they used ‘peel chains’ to disguise the size of deposits and avoid undesired attention, and doctored photographs to fool KYC verification processes. On March 2, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) added Tian Yinyin and Li Jiadong to its list of sanctioned people and entities for their involvement in laundering crypto assets stolen from an unnamed South Korean exchange in 2018.
The two Chinese nationals have been charged with money laundering conspiracy and operating an unlicensed money transmitting business.
Crypto assets worth $234 million were stolen from the exchange, including between half a million and $3.2 million worth of Ethereum Classic, Ripple, Litecoin, Zcash, and Dogecoin; 218,800 Ether worth $141 million; and 10,800 Bitcoin worth $95 million.
‘Peel chains’ used to hide large deposits
Per CipherTrace, the cybercriminals made use of “peel chains” to obfuscate the size of funds being deposited to any given wallet. Rather than attempt to make a single, large deposit to an exchange and attract unwanted attention, the criminals established a chain of addresses the stolen cryptocurrency could pass through, with a small sum of crypto being forwarded to the exchange at each juncture.
Once the funds had passed through the peel chain via 146 separate transactions, they were reconstituted on just two exchanges, again unnamed. U.S. Treasury documents allege that stolen crypto worth $100.5 million flowed through Tian and Li via various North Korean crypto wallets.
Tian transferred more than $34 million from his bank account to a single exchange, while Li used nine separate banks to funnel $33 million.
Additional investigations revealed that the two also used peel chains to successfully launder funds obtained in two different exchange hacks believed to have been carried out by North Korea.
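An added example, not taken from CipherTrace's report or the original article: a minimal tracer an analyst could use to follow a peel chain of the kind described above and total the small deposits per destination service, which exposes the true deposit size. The transaction data, the `cluster` address-to-service mapping and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: each address spends into exactly two outputs,
# a small "peel" to a deposit address and a large remainder to a fresh address.
def build_sample_chain(start=1000.0, peel=25.0, hops=6):
    txs, balance = {}, start
    for i in range(hops):
        balance -= peel
        deposit = f"exchange_{'A' if i % 2 == 0 else 'B'}_dep{i}"
        txs[f"addr{i}"] = [(deposit, peel), (f"addr{i + 1}", balance)]
    return txs

# Hypothetical clustering result: maps a deposit address to the service owning it.
def cluster(address):
    return address.rsplit("_", 1)[0] if address.startswith("exchange_") else None

def trace_peel_chain(txs, source, max_peel_ratio=0.2, min_hops=3):
    """Follow the largest output hop by hop; record the small output as a peel."""
    peels, current, seen = [], source, set()
    while current in txs and current not in seen:
        seen.add(current)  # guard against cycles in the graph
        outputs = sorted(txs[current], key=lambda o: o[1], reverse=True)
        if len(outputs) != 2:
            break  # a peel hop has exactly one remainder and one peel
        (next_addr, remainder), (peel_addr, peel_amt) = outputs
        if peel_amt / (remainder + peel_amt) > max_peel_ratio:
            break  # outputs too balanced to look like a peel
        peels.append((current, peel_addr, peel_amt))
        current = next_addr
    # Short runs are common in ordinary wallet use, so require a minimum length.
    return peels if len(peels) >= min_hops else []

def aggregate_by_service(peels):
    """Sum peeled amounts per destination service to reveal the real deposit size."""
    totals = defaultdict(float)
    for _, peel_addr, amt in peels:
        totals[cluster(peel_addr) or "unknown"] += amt
    return dict(totals)

if __name__ == "__main__":
    chain = trace_peel_chain(build_sample_chain(), "addr0")
    print(len(chain), "hops:", aggregate_by_service(chain))
```

Each individual deposit in the sample is small, but grouping the peels by service shows the totals that actually arrived at each exchange.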
Techniques used to exploit gaps in KYC processes
Tian and Li were easily able to circumvent the Know-Your-Customer (KYC) procedures implemented by exchanges. The two uploaded pictures to one exchange purportedly showing a South Korean man and a German man holding up government-issued IDs. The pictures' metadata reveals that not only were the pictures altered, but that they featured different heads photoshopped onto the identical body.
Another exchange with more reliable security flagged pictures submitted by the two as having been altered and demanded a video conference to verify the account holders' identities. This ended that particular KYC attempt.
In a press release announcing the allegations against the Chinese citizens, General Benczkowski of the United States Department of Justice (DOJ) said that the DOJ “will pierce the veil of anonymity provided by cryptocurrencies to hold criminals accountable, no matter where they are located.”
Last month, a report found that North Korean internet usage had trebled over three years, with growing cryptocurrency adoption by the government.