Justice Department seeks recovery of hacked North Korea-linked cryptocurrency funds – Forbes

The Justice Department has announced action against two virtual currency hacks by North Korean actors.

According to court documents, the actors stole millions of dollars in cryptocurrency and laundered the funds through Chinese over-the-counter (OTC) cryptocurrency traders. Now the Justice Department is seeking to recover these funds by filing a civil forfeiture complaint.


The complaint follows criminal and civil actions announced earlier this year related to the theft of cryptocurrency via other exchange hacks by North Korean actors. These thefts took place initially in 2018; subsequently, the Cybercrime Unit of the Internal Revenue Service-Criminal Investigation (IRS-CI) learned that a South Korea-based virtual currency exchange had been hacked. The North Korean cyber actors responsible for the hack stole nearly $250 million in virtual currency, which ultimately landed in around 146 virtual currency accounts. In March 2020, the United States filed a forfeiture complaint against these accounts.

The theft was not particularly surprising. Last year, a panel of experts set up by the United Nations Security Council to investigate compliance with sanctions against North Korea found that the North Korean government had “used cyberspace to launch further, more sophisticated attacks in order to steal funds from financial institutions and cryptocurrency exchanges in order to generate income.” Why? According to the panel, these activities allow North Korea “to generate income in a way that is more difficult to trace and subject to less government oversight and regulation than the traditional banking sector.” These activities have now raised funds for the country’s weapons programs, with the total to date estimated at $2 billion.

How does it work? Money laundering through multiple accounts. Stolen funds can be transferred through accounts in a series of separate transactions, then channeled to various countries before being converted into fiat currency. This makes it very difficult to keep track of the money. And if you change the currency type, it makes tracking even more difficult. This practice of moving between different types of virtual currency is called “chain hopping”.

The most recent complaint detailed a theft that occurred on or around July 1, 2019. In the hack, thieves stole approximately 401,981,748 Proton Tokens (PTT) from a virtual currency exchange. Around 280,269,180 PTTs were contained before they could be liquidated, but the remaining 121,712,568 PTTs entered the market. Around the same time, the relevant exchange reported thefts of other currencies. These currencies were transferred to other exchanges through a complex series of transactions summarized in court documents like this:

According to the complaint, a few months later, in September 2019, a US-based blockchain-focused company Algorand (which administers ALGO tokens) was hacked in a related incident. The hacker associated with North Korea gained access to the company’s virtual currency wallets, funds held by the company on other platforms, and funds held by its partners. In the hack, the thieves used 15 recovery seeds to recreate wallets belonging to the exchange and its partners. A recovery seed, also known as a recovery phrase, is a list of over 12 words that, when entered in a specific order into the virtual currency wallet software, allows anyone with the words to recreate access to the virtual assets in the wallet. The hackers were then able to direct the transfer of funds out of the wallets to other addresses and wallets. This allowed them to steal nearly $2.5 million and launder it through 106 accounts on other virtual currency exchanges.

By following the transactions, law enforcement was able to identify the assets involved in the schemes. The lawsuit now seeks a judgment declaring that the property will be forfeited to the benefit of the United States government.

“As part of our commitment to protect national security, this office has been at the forefront of North Korea’s criminal attacks on the financial system,” said Michael R. Sherwin, Acting US Attorney for the District of Columbia. “This complaint reveals the incredible skill of our Cryptocurrency Strike Force in tracing and seizing virtual currency, which criminals previously thought was impossible.”

Several different agencies were involved in the investigation, including the IRS-CI Cybercrime Unit in Washington, DC, local FBI offices in Chicago and Atlanta, and HSI’s office in Colorado Springs, with support from the FBI Field Office in San Francisco.

Assistant US Attorneys Zia M. Faruqui, Jessi Camille Brooks and Christopher Brown, with assistance from Paralegal Surveillance Specialist Elizabeth Swienc and Legal Assistant Jessica McCormick, and attorney C. David Recker of the National Security Division’s Counterintelligence and Export Control Section are prosecuting the case.

“Despite the highly sophisticated laundering techniques used, the IRS-CI Cybercrimes Unit was able to trace the stolen funds directly to North Korean actors,” said Don Fort, IRS head of criminal investigations (IRS-CI). “The IRS-CI will continue to work with its law enforcement partners to combat foreign and domestic operations that threaten the United States financial system and national security.”

The funds from these hacks, and previous hacks, were all allegedly laundered by the same group of Chinese OTC actors. The infrastructure and communications accounts used to facilitate intrusions and remittances were also tied to North Korea.

“At US Cyber Command, we take advantage of a persistent engagement approach to challenge the actions of our adversaries in cyberspace,” said Brigadier General Joe Hartman, commander of the Cyber National Mission Force. “This includes disrupting North Korean efforts to generate revenue illegally. Department of Defense cyber operations do not take place in isolation. A persistent engagement includes the implementation of cyber operations as much as the sharing of information with our inter-agency partners to do the same.”

“Today’s complaint demonstrates that North Korean actors cannot hide their crimes in the anonymity of the Internet. International cryptocurrency laundering programs undermine the integrity of our financial systems at the global level, and we will use every tool in our arsenal to investigate and disrupt these crimes,” said Special Agent in Charge Emmerson Buie Jr. of the FBI’s Chicago Field Office. “The FBI will continue to enforce risks and consequences on criminals who seek to undermine our national security interests.”
