Treasury sanctions Chinese hackers for laundering previously stolen cryptocurrency

The Treasury Department’s Office of Foreign Assets Control on Monday sanctioned two Chinese hackers for laundering cryptocurrency valued at $91 million previously stolen by North Korean cyber criminals. 

The agency sanctioned Chinese nationals Tian Yinyin and Li Jiadong for providing financial and technological support for a North Korean hacking group known as Lazarus that stole $250 million from a cryptocurrency exchange in 2018. Tian and Li were sent $91 million from the funds stolen by Lazarus, as well as $9.5 million from a separate North Korean-sponsored hack. 

Once they were in possession of the stolen funds, Tian and Li are then alleged to have transferred the money to various addresses in order to cover up where the funds originated from. About $1.4 million of the stolen cryptocurrency was transferred to Apple iTunes gift cards. 

As a result of the sanctions, all U.S. property of Tian and Li have been blocked, and any individuals found to be interacting with them may open themselves up to being sanctioned as well. 

Treasury Secretary Steven Mnuchin harshly condemned both the Chinese hackers and ongoing North Korea cyberattacks on financial groups in a statement on Monday. 

“The North Korean regime has continued its widespread campaign of extensive cyber-attacks on financial institutions to steal funds,” Mnuchin said. “The United States will continue to protect the global financial system by holding accountable those who help North Korea engage in cyber-crime.”

The new sanctions come after the Treasury Department formally sanctioned the Lazarus group and two other North Korean hacking groups in September for targeting U.S. critical infrastructure, with the Treasury Department noting at the time that all three were tied to the North Korean government. 

The Lazarus group was also involved in the WannaCry ransomware attacks in 2017, which impacted around 150 countries and encrypted or shut down around 300,000 computers, becoming one of the largest ransomware attacks in history. 

North Korea is widely considered one of the most dangerous nations in cyberspace alongside Russia, China and Iran, and was estimated in August by a United Nations panel to have stolen about $2 billion to fund its weapons of mass destruction programs through cyber activities, with about $571 million attributed to cryptocurrency theft.