The United States Department of Justice filed a civil forfeiture complaint on August 27, 2020, seeking to seize control of 280 cryptocurrency accounts allegedly used by North Korean state-sponsored hackers to launder stolen digital assets from two separate exchange breaches.
TL;DR
- DOJ filed a civil forfeiture complaint targeting 280 BTC and ETH accounts tied to North Korean hackers
- The accounts were linked to two exchange hacks in July and September 2019
- North Korean cyber operations have generated an estimated $2 billion from attacks across 17 countries
- Chinese over-the-counter traders were charged with laundering over $100 million for the regime
- The action exposes the connection between Pyongyang’s nuclear program and cryptocurrency theft
Two Exchange Hacks, One Laundering Network
According to the civil forfeiture complaint filed in federal court, the first breach occurred in July 2019 when North Korean threat actors compromised an unnamed cryptocurrency exchange and made off with more than $272,000 worth of cryptocurrency, including Proton Tokens, PlayGame tokens, and IHT Real Estate Protocol tokens.
A second attack followed in September 2019, this time targeting a United States-based cryptocurrency exchange. Hackers gained access to the platform’s crypto wallets and drained funds belonging to both the exchange and its partner organizations. The exact amount stolen in the September breach was not disclosed in the complaint.
Stolen funds from both incidents were subsequently funneled through a network of 280 Bitcoin and Ethereum accounts registered at various cryptocurrency exchanges, along with multiple intermediary wallet addresses designed to obscure the transaction trail.
Chain Hopping and Laundering Techniques
The Justice Department revealed that North Korean operatives employed a technique known as “chain hopping” to complicate tracing efforts. In many instances, the stolen cryptocurrency was converted from one form to another — typically into Bitcoin, Tether, or other digital assets — specifically to obfuscate the transaction path and hinder blockchain analysis.
The complaint further revealed that the funds stolen in these two exchange hacks, combined with approximately $250 million stolen from a separate exchange in 2018, were all laundered by the same group of Chinese over-the-counter cryptocurrency traders. This connection highlighted the scale and sophistication of the financial infrastructure supporting Pyongyang’s cyber operations.
Chinese OTC Traders Charged
In March 2020, the Justice Department had already charged two Chinese nationals for their role in laundering cryptocurrency on behalf of North Korean hackers. The pair reportedly received $91 million from DPRK-controlled accounts in April 2018 as part of an initial laundering batch, followed by an additional $9.5 million after a second exchange was compromised.
Beyond the two exchanges targeted in the forfeiture complaint, North Korean hackers were also tied to the theft of approximately $48.5 million worth of cryptocurrency from a South Korean-based exchange during November 2019, demonstrating the breadth of Pyongyang’s digital asset theft campaign.
A Global Threat Worth Billions
The scale of North Korea’s cryptocurrency theft operations has alarmed international authorities. A confidential United Nations report estimated that the reclusive regime generated as much as $2 billion from at least 35 cyberattacks targeting financial institutions and cryptocurrency exchanges across 17 countries. An earlier UN assessment found that North Korean hackers attacking Asian cryptocurrency exchanges between January 2017 and September 2018 were responsible for approximately $571 million in losses.
Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division emphasized the significance of the action: “Today’s action publiclyly exposes the ongoing connections between North Korea’s cyber-hacking program and a Chinese cryptocurrency money laundering network. This case underscores the department’s ongoing commitment to counter the threat presented by North Korean cyber hackers by exposing their criminal networks and tracing and seizing their ill-gotten gains.”
Sanctions and State-Sponsored Hacking Groups
The U.S. Treasury Department had previously sanctioned three North Korean hacking groups — Lazarus Group, Bluenoroff, and Andariel — for their roles in stealing financial assets to fund the government of North Korea. These groups have been linked to some of the most high-profile cyberattacks in history, including the WannaCry ransomware outbreak and the Sony Pictures hack.
The Justice Department stressed that revenue generated from these cyber operations directly funds North Korea’s illicit ballistic missile and nuclear weapons programs, making cryptocurrency theft not merely a financial crime but a matter of international security.
Why This Matters
The forfeiture action marked one of the largest cryptocurrency account seizures by the U.S. government at the time and demonstrated law enforcement’s growing capability to trace and seize digital assets across borders. With Bitcoin trading around $11,323 and Ethereum near $382 on the day of the filing, the case underscored how cryptocurrency’s pseudonymous nature, once considered a shield for criminals, is increasingly being penetrated by sophisticated blockchain forensic techniques. The action also sent a clear signal that the United States would pursue state-sponsored crypto criminals regardless of jurisdictional boundaries.
Disclaimer: This article is for informational purposes only and does not constitute legal, financial, or investment advice. Readers should conduct their own research before making any decisions.