
DOJ Charges North Koreans in Crypto Heist Targeting Blockchain Firms

Lim Qiaoyun
The U.S. Department of Justice (DOJ) has announced an indictment of four North Korean nationals for the theft of close to $1 million in cryptocurrency from blockchain firms. Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju and Chang Nam Il are charged with wire fraud and money laundering. The defendants posed as remote IT developers, using fake, stolen or otherwise exploited identities to hide their connection to North Korea.
The DOJ and FBI have disrupted North Korean plots to steal and launder cryptocurrency. The case illustrates the growing danger that North Korean hackers pose to the cryptocurrency industry in particular.
Allegations of Fraud and Theft
From late 2020 to mid-2021, the North Koreans secured positions at an Atlanta-headquartered blockchain company. In the same period, they also joined a Serbian virtual token company. To get hired, they filed fake applications, applying with stolen and invented identities. In 2019, the group, initially operating from the United Arab Emirates, used a strategic, streamlined approach to heavily target corporations that had access to cryptocurrency.
In the DOJ’s latest charge, Jong Pong Ju is accused of siphoning $175,000 in cryptocurrency in February 2022. Kim Kwang Jin is said to have used the underlying source code of smart contracts to make off with $740,000. The defendants used counterfeit and stolen identities to hide their North Korean nationality.
The stolen money was allegedly laundered through mixers and then routed into exchange accounts that were ultimately under the control of Kang Tae Bok and Chang Nam Il. These accounts were opened with fake Malaysian identification, making it even more difficult to determine the origin of the money.
Civil Forfeiture Complaint
In addition to the criminal charges, the DOJ filed a civil forfeiture complaint seeking the forfeiture of $7.74 million worth of cryptocurrency. Some experts think the money was generated from fraudulent operations led by North Korean IT professionals, who pretended to be global remote blockchain freelancers in order to execute their schemes. North Korean hackers were able to use that privileged access to steal billions of dollars from companies dealing in blockchain.
"These schemes target and steal from US companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs" - John A. Eisenberg, assistant attorney general for national security.
The DOJ’s actions are a reminder of the US Government’s determination to fight cybercrime and stop the use of crypto for illegal activities.
Implications and Ongoing Investigations
The case highlights the sophisticated tactics employed by North Korean hackers. It further underscores the systemic vulnerabilities present within the ever-growing cryptocurrency industry. These security vulnerabilities are especially harmful because they can be exploited across device types by malicious actors.
It’s heartening to see the DOJ and FBI still investigating and disrupting North Korean plots to steal cryptocurrency. While infiltrating crypto workforces, North Korean hackers have also been spotted deploying a new type of info-stealing malware. These charges and this forfeiture complaint send a strong message that we are determined to bring these criminals to justice, and we will find and return stolen assets.