Three North Koreans Sanctioned for Involvement in Crypto-Linked Hacking Group – Here’s What Happened

Ruholamin Haqshanas

The US Department of Foreign Asset Control (OFAC) has sanctioned three individuals who allegedly supported North Korea through illicit financing and malicious cyber activity.

In a Monday press release, the US Treasury claimed that the three individuals provided material support to the Lazarus Group, a North Korean hacking team known for crypto thefts, to convert stolen cryptocurrency to fiat currency.

Mainland China-based virtual currency trader Wu Huihui and Hong Kong-based currency trader Cheng Hung Man were over-the-counter (OTC) traders who facilitated crypto transactions for Lazarus, per the agency. 

A third person, Sim Hyon Sop, was identified as a North Korean banker who provided other financial support.

“Today’s indictments reveal North Korea’s continued use of various means to circumvent U.S. sanctions,” U.S. Attorney for the District of Columbia Matthew Graves said in a statement. 

“We can and will ‘follow the money,’ be it through cryptocurrency or the traditional banking system, to bring appropriate charges against those who would help to fund this corrupt regime.” 

The announcement said that the North Korean government uses the crypto assets obtained by the Lazarus Group to fund its illegal nuclear program. The regime has repeatedly threatened Japan and other neighbors with nuclear weapons.

North Korea has raked in billions of dollars through cryptocurrency thefts and other schemes since at least 2017.

Earlier this year, the White House said that North Korean hackers had stolen more than $1 billion worth of crypto in the past two years, adding that Pyongyang has used the funds to support its missile program.

The US government has also claimed that the North Korean hacking group Lazarus was responsible for the hack of Axie Infinity’s Ronin blockchain that saw hackers make off with about $625 million worth of Ethereum and USDC.

However, North Korea has repeatedly denied that it seeks to hack crypto and has refuted accusations surrounding the Lazarus Group, which has previously been accused of masterminding the 2014 hack of Sony Pictures and the 2017 WannaCry ransomware attacks.

North Korean Hackers Exploit DeFi and Crypto Loopholes

North Korean hacking groups, which account for a huge portion of illicit cyber activities, have been continually innovating and finding new ways to steal crypto assets and launder those funds. 

Earlier this month, the US Treasury claimed that North Korean hackers and scammers exploit loopholes in the decentralized finance (DeFi) space to launder money and hide criminal activity.

The federal agency said that North Korean hackers and other groups engaged in illicit activity have benefited from the non-compliance of some DeFi platforms with certain AML and CFT regulations.

Likewise, a recent report by cybersecurity firm Mandiant noted that Pyongyang-based hacking group APT43, also known as Kimsuky, buys cloud mining services with its stolen funds to produce clean crypto with no blockchain-based connections for law enforcement to trace.

“APT43 steals and launders enough cryptocurrency to buy operational infrastructure in a manner aligned with North Korea’s juche state ideology of self-reliance,” the report claimed.