News

Two Chinese nationals face asset freezes and criminal charges of money laundering and unlicensed money transmission in the U.S. for allegedly handling more than $100 million in stolen cryptocurrency for state-sponsored hackers in North Korea.

In July 2018, Tian Yinyin and Li Jiadong began using more than 100 digital wallets and addresses at several exchanges to move the pilfered bitcoins, ether, zcash and other cryptocurrencies, federal prosecutors and the Treasury Department’s Office of Foreign Assets Control claimed Monday.

Most of the $100 million that the suspects are accused of laundering belonged to the Lazarus Group, a U.S.-blacklisted hacking network that allegedly stole more than double that amount from an unspecified exchange two months earlier by orchestrating a spear-phishing email attack against its employees.

Tian Yinyin, Li Jiadong and their co-conspirators used fake photos and ID to evade the due-diligence checks of multiple exchanges before initiating “automated cryptocurrency transactions” to move cybertheft proceeds and evade law enforcement, the U.S. Attorney’s Office for the District of Columbia said in a statement.

The pair, who went by the online monikers of “snowsjohn” and “khaleesi,” sometimes used their own digital wallets to move the funds and frequently transacted with one another on at least three exchanges, including one in the United States, while also profiting by charging others a fee to exchange cryptocurrency for U.S. banknotes.

For nearly a year, until at least April 2019, according to the indictment, Li Jiadong transferred around $33 million in stolen cryptocurrency from his exchange wallets to nine accounts, including at Agricultural Bank of China, China Minsheng Bank and Shanghai Pudong Development Bank.

Tian Yinyin for his part made 500 deposits worth a combined $34 million into a yuan-denominated account he opened at China Guangfa Bank a week before the hack, and separately used $1.4 million in bitcoins to purchase “prepaid Apple iTunes gift cards.”

“They were turning the illicit bitcoins into iTunes cards so they could then sell those cards for ‘clean’ money,” said Yaya Fanusie, a former CIA analyst. “That’s money laundering 101.”

OFAC on Monday also blacklisted 20 cryptocurrency wallets associated with Tian and Li, who U.S. officials also accused of laundering nearly $10 million of the nearly $50 million that North Korean hackers allegedly stole from a South Korean exchange in November.

Those details appear to match the cybertheft perpetrated against Upbit in November 2019, said Fanusie, now a consultant in Washington, D.C.

Contact Valentina Pasquali at vpasquali@acams.org