US accuses two Chinese nationals of helping North Korean hackers launder stolen cryptocurrency

Hackers stole nearly $250 million worth of cryptocurrency in this particular hack

The US Department of the Treasury's Office of Foreign Assets Control (OFAC) has sued two Chinese nationals claiming that they played a role in laundering millions of dollars stolen from cryptocurrency exchanges.

In a statement, OFAC said that Chinese nationals Li Jiadong and Tian Yinyin were involved in moving funds that were allegedly stolen by Lazarus, an advanced persistent threat group with links to the North Korean government.

The 33-year-old Li Jiadong is from Anshan, Liaoning province in China, while 34-year-old Tian Yinyin is from Nanjing, Jiangsu.

According to prosecutors, this particular hack happened in April 2018, in which North Korean actors used phishing emails containing malware to target the cryptocurrency exchanges. The attacks were launched after an employee of the exchange inadvertently downloaded malware created by North Korea hackers.

The hackers also set up a website that offered now defunct crypto currency app Celas Trade Pro. This app also contained malware for the phishing attack.

After the malware was downloaded on a system in a crypto exchange, it enabled attackers to access private keys, virtual currency, and customer details. Hackers also used fake identities to skirt safeguards deployed on the exchange.

Hackers stole nearly $250 million worth of cryptocurrency, which accounted for nearly half of the North Korea's estimated virtual currency thefts in 2018.

According to the US Department of Justice, Li Jiadong and Tian Yinyin helped hackers launder $100 million of the $250 million using prepaid Apple iTunes gift cards and other techniques. iTunes gift cards are accepted in some virtual currency exchanges, allowing users to purchase bitcoins.

Of the total funds sent to Tian and Li, over $34 million was moved to a Chinese bank account held by the Tian.

The US Treasury did not disclose the names of the exchanges from which the cryptocurrency was stolen.

"The North Korean regime has continued its widespread campaign of extensive cyber-attacks on financial institutions to steal funds," said Secretary Steven T. Mnuchin.

"The United States will continue to protect the global financial system by holding accountable those who help North Korea engage in cyber-crime."

Last year, a leaked UN report claimed that the North Korean government had made nearly $2 billion from cyber attacks against foreign financial institutions - and spent the money on its weapons programme.

The authors of the report claimed to have monitored North Korea's compliance over six months and found that the country had repeatedly launched sophisticated and widespread attacks to steal funds from overseas banks and cryptocurrency exchanges to support its weapons programmes. North Korea also used cyberspace to launder the stolen money, according to the report.