U.S. sanctions Chinese nationals accused of laundering millions in stolen crypto for North Korea-tied hackers

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) announced Monday that it sanctioned two Chinese nationals for their role in laundering funds tied to a multi-million dollar crypto exchange hack.

According to OFAC's statement, Tian Yinyin and Li Jiadong played a role in moving money that was allegedly derived from the actions of the so-called Lazarus Group, which is itself tied to the North Korean government. Hackers supported by North Korea are believed to have hacked billions of dollars in cryptocurrency, as previously reported, in the past couple of years. 

As OFAC noted on Monday:

"The Democratic People's Republic of Korea (DPRK) trains cyber actors to target and launder stolen funds from financial institutions. Tian and Li received from DPRK-controlled accounts approximately $91 million stolen in an April 2018 hack of a cryptocurrency exchange (referred to hereinafter as 'the exchange'), as well as an additional $9.5 million from a hack of another exchange. Tian and Li transferred the currency among addresses they held, obfuscating the origin of the funds."

The particular hack in question is said to have taken place in April 2018, resulting in the theft of $250 million worth of cryptocurrency and "accounting for nearly half of the DPRK’s estimated virtual currency heists that year."


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

"Tian ultimately moved the equivalent of more than $34 million of these illicit funds through a newly added bank account linked to his exchange account. Tian also transferred nearly $1.4 million dollars' worth of Bitcoin into prepaid Apple iTunes gift cards, which at certain exchanges can be used for the purchase of additional Bitcoin," OFAC explained.

It's not clear which exchange was targeted, based on a review of publicly-known attacks that took place throughout 2018.

South Korea-based exchange Coinrail reported a $40 million hack in June of that year. Other exchanges known to have been targeted by Lazarus or hackers tied to North Korea include Bithumb and Youbit, both based in South Korea, though those attacks took place in 2017. 

OFAC additionally added 20 bitcoin addresses to its sanctions list, all of which are tied to Tian and Li.

"The North Korean regime has continued its widespread campaign of extensive cyber-attacks on financial institutions to steal funds," Treasury Secretary Steven Mnuchin said in a statement. "The United States will continue to protect the global financial system by holding accountable those who help North Korea engage in cyber-crime."

Separarely, court orders indicate that the U.S. government is seeking to take possession of more than one hundred cryptocurrency addresses on the bitcoin and ethereum networks.