US prosecutors go after crypto accounts linked to North Korea

Prosecutors in the US filed a lawsuit against 280 cryptocurrency accounts as they are believed to have links to North Korea’s multimillion-dollar crypto theft and laundering networks

Prosecutors from the US Justice Department filed a lawsuit yesterday against 280 cryptocurrency accounts allegedly linked to North Korea’s cyber-attack and money laundering network. According to the investigators from the Justice Department, the accounts were traced to two crypto exchange hacks carried out by North Korea’s state-sponsored cyber hackers in 2019.

The lawsuit revealed that the first crypto attack was in July last year, which saw hackers steal $272,000 in Proton, PlayGame and IHT Real Estate from an unnamed cryptocurrency exchange.

The prosecutors further alleged that a second hack took place two months later, with the hackers carting away $2.5 million in crypto from a US-based exchange.

The North Korean hackers laundered the funds via Chinese over-the-counter (OTC) cryptocurrency traders. The prosecutors argued that the traders were linked to previous crypto laundering schemes.

By going after the 280 cryptocurrency accounts, the Justice Department is following the civil actions announced earlier this year, “The complaint follows related criminal and civil actions announced in March 2020 pertaining to the theft of $250 million in cryptocurrency through other exchange hacks by North Korean actors,” the prosecutors added.

Special Agent Emmerson Buie Jr. of the FBI’s Chicago Field Office, highlighted that yesterday’s complaints show that North Korean hackers cannot hide their crimes within the privacy and anonymity of the internet. Agent Buie Jr. added that international cryptocurrency laundering operations continue to undermine the integrity of the global financial system. Therefore, the authorities will use everything possible to investigate and disrupt these crimes.

North Korean hackers wreak more havoc

North Korean hackers have become known for their crypto-related attacks. The Lazarus group of hackers in North Korea has been linked to numerous attacks on the central banks of Vietnam, Ecuador and Bangladesh.

A recent report by cybersecurity firm F-secure revealed that the Lazarus group uses LinkedIn ad messages to target cryptocurrency companies. According to the F-secure report, the group targeted a cryptocurrency firm last year using a phishing attack. They used a LinkedIn message to send a fake job offer document to a systems administrator at a cryptocurrency firm. The downloaded file allowed the hackers to gain access through the system back door.

After accessing the system, the attackers used backdoor network implants and malware to obtain data from the infected computers. The report added that the hackers also used Mimikatz, a well-designed form of malware used for extracting cryptocurrency wallet information and bank account details.

Matt Lawrence, F-secure’s director of detection and response, stated that the evidence suggests that the hack on the crypto firm was part of an ongoing campaign by the hackers as they target organizations in more than a dozen countries.