North Korea has long been under the watchful eye of the Financial Action Task Force (FATF), which protects the international financial system from the risk of money laundering and terrorist financing.
However, North Korea continued to exploit cryptocurrencies as a strategic weapon against South Korean crypto-exchanges, also favoring scams, cryptojacking and illegal crypto-mining.
The U.S. government has recently taken action against two Chinese citizens for allegedly collaborating with North Korean state-backed hackers to steal millions of dollars in digital money from cryptocurrency exchanges.
The CipherTrace investigation
CipherTrace, a blockchain forensics company, released a detailed analysis of how hackers stole cryptocurrencies across different cryptocurrency banks and exchanges.
On March 2, the Justice Department accused Tian Yinyin and Li Jiadong of laundering over $100 million in cryptocurrency for the benefit of North Korean conspirators.
$234 million of crypto assets have been stolen from exchanges, including 218,800 Ether worth $141 million, 10,800 Bitcoins worth $95 million and between half a million and $3.2 million in Ethereum Classic, Ripple, Litecoin, Zcash and Dogecoin.
According to CipherTrace, phishers have used "peel chains" to hide large crypto-deposits. Put simply, using "peel chains", criminals can avoid the unwanted attention that results from making a single large deposit in an exchange.
Further investigations revealed that the pair also used these peel chains to successfully launder and invest funds from two other exchange hacks believed to have been perpetrated by North Korea.
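One way an analyst might trace a peel chain of the kind mentioned above, as an added example that is not from CipherTrace or the original article. It assumes the commonly described peel-chain shape, where each hop sends a small amount to a deposit address and forwards the remainder to a fresh address; the ledger, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample ledger (not real transactions): each entry spends one
# source address into outputs of (address, amount in BTC).
TXS = [
    {"txid": "t1", "src": "A0", "outs": [("A1", 95.0), ("EXCH-1", 5.0)]},
    {"txid": "t2", "src": "A1", "outs": [("EXCH-2", 4.0), ("A2", 91.0)]},
    {"txid": "t3", "src": "A2", "outs": [("A3", 86.5), ("EXCH-1", 4.5)]},
    {"txid": "t4", "src": "A3", "outs": [("A4", 82.0), ("EXCH-3", 4.5)]},
    {"txid": "t5", "src": "B0", "outs": [("B1", 1.0), ("B2", 1.0)]},  # unrelated
]

def trace_peel_chain(txs, start, max_peel_ratio=0.2):
    """Follow the change output hop by hop from `start`, recording each peel.

    A hop counts as a peel when the tx has exactly two outputs and the
    smaller one is at most `max_peel_ratio` of the total (assumed threshold).
    """
    by_src = {tx["src"]: tx for tx in txs}
    hops, addr, seen = [], start, set()
    while addr in by_src and addr not in seen:
        seen.add(addr)  # guard against address reuse creating a loop
        tx = by_src[addr]
        if len(tx["outs"]) != 2:
            break
        (peel_addr, peel), (change_addr, change) = sorted(tx["outs"], key=lambda o: o[1])
        if peel > max_peel_ratio * (peel + change):
            break  # outputs too balanced to look like a peel
        hops.append({"txid": tx["txid"], "peel_to": peel_addr,
                     "peel": peel, "change_to": change_addr})
        addr = change_addr
    return hops

def aggregate_peels(hops):
    """Sum peeled amounts per destination to expose the split-up deposit."""
    totals = defaultdict(float)
    for hop in hops:
        totals[hop["peel_to"]] += hop["peel"]
    return dict(totals)

def is_peel_chain(hops, min_hops=3):
    """Flag a trace as a peel chain once it has at least `min_hops` peels."""
    return len(hops) >= min_hops

if __name__ == "__main__":
    hops = trace_peel_chain(TXS, "A0")
    print(is_peel_chain(hops), aggregate_peels(hops))
```

Summing the peels per destination is what lets a compliance team see that many small deposits add up to one large inflow from a single source.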
According to the report, the pair is also believed to be associated with the Lazarus group that was responsible for the Sony breach in 2014, the 2017 WannaCry attacks, and the $7 million hack of the Bithumb cryptocurrency exchange.
Flaws detected in KYC procedures
The report said the IRS-CI investigation found that North Korean conspirators used fake documents and manipulated photos to get around KYC procedures on several exchanges. Therefore, Tian and Li were easily able to take advantage of the Know-Your-Customer (KYC) processes implemented by the exchanges.
Previous research conducted by Kaspersky Lab had revealed that the notorious Lazarus group used "advanced skills" to attack cryptocurrency assets. Hackers used the old trick of creating fake crypto websites and related trading groups on Telegram that linked to those websites.
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has also announced sanctions against three North Korean hacker groups accused of malware attacks to steal millions from cryptocurrency exchanges.
The three notorious groups in question have been identified as Lazarus Group, Bluenoroff and Andariel, all allegedly controlled by North Korea's main intelligence office, the Reconnaissance General Bureau (RGB).