Justice Dept. moves to seize 280 cryptocurrency accounts tied to North Korean hacks

The Justice Department filed forfeiture charges Thursday against 280 cryptocurrency accounts for assisting in laundering millions of dollars stolen during two North Korean hacking incidents.

The U.S. alleges that the cryptocurrency accounts were used to launder $272,000 in cryptocurrency stolen in June 2019 from a virtual currency exchange by a hacker with ties to North Korea, with the funds then converted into other forms of cryptocurrency and funneled through some of the accounts. 

An additional 100 cryptocurrency accounts were allegedly used to launder $2.5 million in virtual currency stolen by North Korean hackers during an attack on a U.S. company in September 2019, according to the Justice Department.

The accounts used to launder the money were controlled by Chinese hackers and are tied to earlier sanctions imposed by the Treasury Department in March. Those sanctions were imposed on two Chinese nationals for laundering previously stolen cryptocurrency.

Assistant Attorney General John Demers, who heads the department’s national security division, said in a statement Thursday that the case was an example of prosecutors working to attribute cyber incidents to malicious hackers.

“Although North Korea is unlikely to stop trying to pillage the international financial sector to fund a failed economic and political regime, actions like those today send a powerful message to the private sector and foreign governments regarding the benefits of working with us to counter this threat,” Demers said. 

“Today’s action publicly exposes the ongoing connections between North Korea’s cyber-hacking program and a Chinese cryptocurrency money laundering network,” acting Assistant Attorney General Brian Rabbitt of the Justice Department’s Criminal Division said in a separate statement. 

The forfeiture complaint was filed the day after multiple federal agencies, including the FBI, put out an alert warning that North Koreans hackers were targeting banks in several countries as part of a scheme to enable ATM withdrawals. The agencies involved noted that North Korea typically uses stolen money to fund its nuclear weapons and ballistic missile programs. 

The investigation into the cryptocurrency accounts also involved the FBI, U.S. Cyber Command and the Internal Revenue Service.