280 Lazarus-linked Crypto Accounts Could Be Frozen by DoJ

Reading Time: 2 minutes
  • Money launderers for Lazarus, the North Korean hacking group, could soon see their cryptocurrency accounts frozen thanks to a civil forfeiture claim filed by the Department of Justice
  • The hacking group used Chinese OTC brokers to sell funds stolen in two exchange hacks in 2018
  • Two Chinese nationals were arrested for money laundering for Lazarus in March, and the authorities have now identified the accounts associated with them

The Department of Justice (DoJ) wants access to 280 cryptocurrency exchange accounts linked to the Chinese money launderers allegedly connected to the North Korean hacking group Lazarus. An indictment unsealed by the U.S. Attorney’s Office for the District of Columbia last week revealed that Lazarus, the most prominent North Korean hacking group, was behind the hacks of two unnamed exchanges in 2018 to the tune of $250 million and the DoJ wants access to the exchange accounts through which the money was laundered.

280 Accounts Created

The DoJ’s civil forfeiture claim does not name the exchanges on which the Lazarus hacks took place or those through which they suspect the money flowed, but it does state that some 280 new accounts were created on the receiving exchanges in the days surrounding the twin hacks. The stolen cryptocurrency came into those accounts and then was either syphoned off to Chinese OTC brokers or kept in the accounts.

The DoJ claims that it is legally entitled to this money as part of an investigation which started in March when two Chinese nationals, Tian Yinyin and Li Jiadong, were charged with laundering $100 million of the stolen cryptocurrency on behalf of Lazarus.

Lazarus’ China Link Confirmed

It had long been thought that there was a Chinese influence in North Korean hacking activities, and the DoJ investigation that started when the arrest of Yinyin and Jiadong six months ago has solidified their case. Acting Assistant Attorney General Brian Rabbitt of the DoJ’s Criminal Division confirmed as much in the indictment, saying that,

Today’s action publicly exposes the ongoing connections between North Korea’s cyber-hacking program and a Chinese cryptocurrency money laundering network.

It is not known how much money remains in the exchange accounts the DoJ wants to empty, but access to these accounts may reveal more clues about where the money from Lazarus comes from and where it goes afterward.