The U.S. government has charged North Korean three hackers in connection with an array of cybercrime, including thefts from hundreds of businesses including several in the cryptocurrency sector.
Much of the $1.3 billion figure cited by the Department of Justice on Wednesday appears linked to illicit money transfers from bank accounts. But DOJ statements cite several unnamed crypto firms, including a mining company in Slovenia that appears to service provider NiceHash, as targets of the hackers. NiceHash was attacked in December 2017, the same period referenced by the DOJ.
The now-unsealed indictment, filed in United States District Court in Los Angeles in December, names Kim Il, Jon Chang Hyok and Park Jin Hyok as defendants. The three were allegedly members of the Reconnaissance General Bureau, a North Korean military intelligence unit.
Per the DOJ, the hackers were accused of:
"Targeting of hundreds of cryptocurrency companies and the theft of tens of millions of dollars’ worth of cryptocurrency, including $75 million from a Slovenian cryptocurrency company in December 2017; $24.9 million from an Indonesian cryptocurrency company in September 2018; and $11.8 million from a financial services company in New York in August 2020 in which the hackers used the malicious CryptoNeuro Trader application as a backdoor."
In all, the listed targets account for some $111.7 million in thefts. The DOJ said that as part of today's actions, $1.9 million in cryptocurrency had been seized and will be returned to the New York-based company.
Additionally, the DOJ's indictment -- linked below -- outlines a scheme by the North Korean government to raise funds from investors via the so-called Marine Chain Token platform. Court documents state: "Defendant KIM IL and other conspirators would, at other times, use false and fraudulent names when contacting individuals who they hoped would be involved in creating Marine Chain. In those instances, defendant KIM IL and other conspirators would not disclose to these individuals that the conspirators were DPRK citizens or that they were communicating using false and fraudulent names."
“The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering. The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime," Acting U.S. Attorney Tracy Wilkison. said in a statement.
The three defendants face as many as 35 years in prison if convicted on computer fraud, wire fraud and bank fraud conspiracy charges.
North Korea has been linked in the past with attacks on cryptocurrency exchanges, as previously reported.