US sues to recover cryptocurrency funds stolen by North Korean hackers

US officials are going after 280 BTC and ETH accounts storing funds North Korean hackers stole from two cryptocurrency exchanges.


The United States government has filed a lawsuit today seeking to seize control over 280 Bitcoin and Ethereum accounts that are believed to be holding funds North Korean hackers stole from two cryptocurrency exchanges.

Court documents did not identify the hacked exchanges, but officials said the two hacks took place on July 1, 2019, and September 25, 2019.

During the first incident, North Korean hackers stole $272,000 worth of alternative cryptocurrencies and tokens, including Proton Tokens, PlayGame tokens, and IHT Real Estate Protocol tokens, while in the second, hackers stole multiple virtual currencies, worth in total more than $2.5 million.

US officials said they used blockchain analysis to track down stolen funds from two hacked exchange portals back to the 280 accounts.

[Figure: Analysis of the July 2019 hack. Image: US DOJ]

[Figure: Analysis of the September 2019 hack. Image: US DOJ, court documents]

According to court documents, the US says North Korean hackers used a technique known as "chain hopping" to launder the stolen funds. The technique, also known as "blockchain hopping," refers to converting funds from one type of cryptocurrency into another (e.g., converting Stellar to Ethereum, or converting Tether to Bitcoin).

The DOJ says North Korean hackers usually stole funds from one exchange, transferred the funds to another exchange where they chain hopped several times and eventually gathered all funds into the 280 BTC and ETH accounts they tracked down.
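As an added illustration of the tracing described above (example code written for this article, not the DOJ's or any exchange's tooling; every address, transaction id and exchange name below is constructed), the following Python script follows stolen funds forward through a small transfer ledger. Plain transfers are edges within one asset; an exchange's deposit-in/payout-out record is modelled as a chain-hop edge between assets. The trace reports where each theft's funds end up and which terminal address several thefts converge on, which is the consolidation pattern the court documents describe.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    """An on-chain movement of one asset between two addresses."""
    asset: str
    src: str
    dst: str
    amount: float
    txid: str


@dataclass(frozen=True)
class Swap:
    """Exchange-side conversion (a chain hop): funds received in asset_in at
    deposit_addr were paid out in asset_out from withdraw_addr."""
    asset_in: str
    deposit_addr: str
    asset_out: str
    withdraw_addr: str
    note: str


@dataclass
class Path:
    terminal: str      # address where the trace stopped (no further outflow)
    asset: str         # asset held at the terminal address
    steps: list        # txids and "hop:" labels in order
    chain_hops: int    # number of asset conversions along the way


# Constructed sample ledger (hypothetical addresses and exchanges, not the
# case data). Theft 1 hops XLM -> ETH and lands in E3; theft 2 hops
# ETH -> BTC -> ETH and also lands in E3. tx10/tx11 are unrelated traffic.
TRANSFERS = [
    Transfer("XLM", "victim1_hot", "h1_xlm_a", 1000.0, "tx01"),
    Transfer("XLM", "h1_xlm_a", "exch_x_xlm_dep", 1000.0, "tx02"),
    Transfer("ETH", "exch_x_eth_out", "h1_eth_b", 4.0, "tx03"),
    Transfer("ETH", "h1_eth_b", "E3", 4.0, "tx04"),
    Transfer("ETH", "victim2_hot", "h2_eth_a", 50.0, "tx05"),
    Transfer("ETH", "h2_eth_a", "exch_y_eth_dep", 50.0, "tx06"),
    Transfer("BTC", "exch_y_btc_out", "h2_btc_b", 1.2, "tx07"),
    Transfer("BTC", "h2_btc_b", "exch_z_btc_dep", 1.2, "tx08"),
    Transfer("ETH", "exch_z_eth_out", "E3", 48.0, "tx09"),
    Transfer("ETH", "clean_user", "E3", 1.0, "tx10"),
    Transfer("ETH", "clean_user", "other", 2.0, "tx11"),
]
SWAPS = [
    Swap("XLM", "exch_x_xlm_dep", "ETH", "exch_x_eth_out", "exchange X"),
    Swap("ETH", "exch_y_eth_dep", "BTC", "exch_y_btc_out", "exchange Y"),
    Swap("BTC", "exch_z_btc_dep", "ETH", "exch_z_eth_out", "exchange Z"),
]


def build_graph(transfers, swaps):
    """Map (asset, address) -> list of (next_asset, next_address, label)."""
    edges = defaultdict(list)
    for t in transfers:
        edges[(t.asset, t.src)].append((t.asset, t.dst, t.txid))
    for s in swaps:
        edges[(s.asset_in, s.deposit_addr)].append(
            (s.asset_out, s.withdraw_addr, "hop:" + s.note))
    return edges


def trace_from_tx(theft_txid, transfers, swaps):
    """Start at the output of the theft transaction and walk forward until
    the funds sit at addresses with no further outflow."""
    theft = next(t for t in transfers if t.txid == theft_txid)
    edges = build_graph(transfers, swaps)
    paths, seen = [], set()
    queue = deque([(theft.asset, theft.dst, [theft.txid], 0)])
    while queue:
        asset, addr, steps, hops = queue.popleft()
        if (asset, addr) in seen:      # guards against cycles / duplicates
            continue
        seen.add((asset, addr))
        nxt = edges.get((asset, addr), [])
        if not nxt:
            paths.append(Path(addr, asset, steps, hops))
            continue
        for nxt_asset, dst, label in nxt:
            queue.append((nxt_asset, dst, steps + [label],
                          hops + (nxt_asset != asset)))
    return paths


def consolidation_points(traces):
    """Given {theft_label: [Path, ...]}, return terminal addresses that
    receive funds from more than one theft."""
    reached = defaultdict(set)
    for label, paths in traces.items():
        for p in paths:
            reached[p.terminal].add(label)
    return {addr: labels for addr, labels in reached.items() if len(labels) > 1}


if __name__ == "__main__":
    t1 = trace_from_tx("tx01", TRANSFERS, SWAPS)
    t2 = trace_from_tx("tx05", TRANSFERS, SWAPS)
    for p in t1 + t2:
        print(p.terminal, p.asset, p.chain_hops, " -> ".join(p.steps))
    print("consolidation:", consolidation_points({"theft1": t1, "theft2": t2}))
```

The walk is deliberately address-based rather than amount-based: it says which addresses are downstream of a theft, not how much of each balance is tainted. Real tracing also has to apportion value when tainted and clean funds mix at an address (FIFO or haircut rules), and the swap edges depend on exchange records that only the exchange can supply, which is why the cooperation between portals mentioned below matters.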

Per the court documents, many of these 280 addresses are currently frozen at the cryptocurrency portals where they were set up. The accounts were frozen soon after the hacks, as cryptocurrency exchange portals cooperated with each other to track down the funds and freeze accounts before the funds could be converted back into fiat (real-world) currency and all traces lost for good.

Now, the US government wants to formally take control of these accounts in order to return funds to the hacked exchanges or users (in the case of exchanges that have shut down since the hacks).

The US Department of Justice said these two hacks are connected to other North Korean hacks and money laundering operations they exposed in March 2019, when they charged two Chinese nationals for helping the North Korean hackers launder their proceeds through Chinese companies.

In September 2019, the US Treasury sanctioned three North Korean hacking groups and moved to freeze financial assets associated with their shell companies. Treasury officials said the three groups engaged in the hacking of cryptocurrency exchanges in order to steal funds to send back to the Pyongyang regime, which would then use the stolen assets to fund its weapons and missile programs.