Cointime

Download App
iOS & Android

DPRK Facilitators Charged and Sanctioned, Shedding Light on North Korean Crypto Money Laundering Processes

Validated Project

On April 24, 2023, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned three individuals operating in China for facilitating Democratic People’s Republic of Korea (DPRK) cryptocurrency money laundering activities used to fund weapons of mass destruction and missile programs. Cryptocurrency addresses were included in the SDN list entries for two of the three individuals, and the Department of Justice (DOJ) also charged one of them in an unsealed indictment released today.

In this blog, we’ll examine the details of these charges and sanctions, and the new information they reveal about North Korea’s cryptocurrency money laundering processes.

Who was charged and sanctioned?

The three individuals sanctioned by OFAC are Wu Huihui (Wu), Cheng Hung Man (Cheng), and Sim Hyon Sop (Sim). Sim was also charged by the DOJ for his role in money laundering conspiracies.

Wu is a China-based over-the-counter (OTC) cryptocurrency trader who converted millions of dollars’ worth of stolen cryptocurrency into fiat currency on behalf of DPRK actors working with Lazarus Group, a North Korea-affiliated cybercriminal syndicate.

Cheng, an OTC trader based out of Hong Kong, directly supported Wu’s actions. Through the use of shell companies, Cheng and Wu helped the DPRK circumvent U.S. sanctions and convert cryptocurrency — much of it stolen in hacks — into cash.

Sim helped the already-OFAC-designated Korea Kwangson Banking Corp (KKBC) orchestrate money-laundering schemes to support DPRK weapons production and purchase goods on behalf of the Koren government. According to OFAC, Sim received tens of millions’ worth of cryptocurrency while acting as a representative of KKBC, much of which came from North Korean IT workers who fraudulently worked overseas, including in the U.S. These workers often leveraged fake information to apply and work for companies in the technology and cryptocurrency industries, while specifically requesting payment in cryptocurrencies. North Korea’s usage of IT workers to generate foreign income has been previously highlighted in a joint advisory by the U.S. government.

Sim reportedly then coordinated with OTC traders, including Wu and Cheng. In the scheme, Sim would receive the salaries from the IT workers, send payments to shell companies operated by Wu and Cheng, and in converting the cryptocurrency to fiat, utilize those funds to purchase goods on behalf of DPRK.

Money laundering tactics using mixers

Chainalysis research has revealed that North Korea-linked hackers typically use mixers to launder large amounts of money, and that they use mixers at a much higher rate than other illicit actors. In the past, these hackers have utilized mixers such as Tornado Cash and Sinbad.

The information revealed today by OFAC and the DOJ gives us more insight into what happens after North Korean actors leverage mixers using intermediaries – including OTCs – before ultimately converting cryptocurrency into cash at an exchange. The Chainalysis Reactor graph below shows some of this activity.

Here, we can see how DPRK actors leveraged mixing services to obfuscate the origin of ill-gotten funds, as well as decentralized exchanges. These funds then went to Wu’s and Sim’s wallets, and other OTC markets. Wu and Sim transferred to mainstream exchanges, after which they converted cryptocurrency to fiat currency. Additionally, we see how DPRK funds related to two 2019 hacks and held in addresses mentioned in a previous forfeiture complaint were cashed out at a number of the same service deposit addresses leveraged by these OTC traders.

Monitoring malicious cryptocurrency-based cyber crimes

Lazarus Group is responsible for the biggest cryptocurrency hack ever in addition to countless thefts and similar financial crimes. In 2022 alone, we attributed $1.7 billion in stolen cryptocurrencies to Lazarus Group. Its activities, as well as those of other DPRK threat actors such as the fraudulent IT workers highlighted in today’s designation, present serious threats to the public safety and financial systems of countries around the world.

OFAC’s and DOJ’s actions demonstrate their dedication to reducing malicious cyber crimes in connection with cryptocurrencies. Today’s designated actors carry secondary sanctions risk, meaning even non-U.S. persons may be subject to sanctions if they engage in significant transactions with Wu, Cheng, or Sim. This further emphasizes the importance of cryptocurrency participants knowing their exposure to these individuals and entities associated with them.

We will continue to provide more research on the role of cryptocurrency in cybercrimes in the near future.

This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.

Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.

Read more: https://blog.chainalysis.com/reports/ofac-dprk-north-korea-sanctions-april-2023/

Comments

All Comments

Recommended for you

  • Ithaca Completes $20 Million New Round of Financing

    Ithaca has completed a new round of funding of $20 million, with participation from Paradigm.

  • BTC breaks through $61,500

    The market shows BTC breaking through $61,500 and now reporting $61,541.65, with a 24-hour increase of 0.77%. The market is volatile, please be prepared for risk control.

  • Revisiting the Mean

    Following a 10% price correction, the Bitcoin market has rebounded back to the $63k level, in an attempt to reclaim the critical Short-Term Holder cost-basis.

  • BTC breaks through $61,000

    The market shows BTC has broken through $61,000 and is now trading at $61,016, with a 24-hour increase of 0.08%. The market is volatile, so please be prepared for risk control.

  • CryptoQuant: More than 63,000 BTC transferred to exchanges from October 7 to 9

    According to CryptoQuant's data, since October 7, 2024, more than 63,000 BTC have been sent to cryptocurrency exchanges, including approximately 28,000 BTC on October 7, 23,500 BTC on October 8, and approximately 12,000 BTC on October 9.

  • Bitcoin hash rate hits new all-time high, reaching 698 EH/s

    According to the latest network data, Bitcoin's computing power reached a historic high of 698 exahashes (EH/s) per second on October 10, 2024. This new record surpasses the previous record of 693 EH/s set on September 8.

  • Hong Kong Treasury Department Deputy Secretary Chan Ho-lim called on investors to participate in virtual currency trading through licensed exchanges

    Chen Haolian, Deputy Director of the Hong Kong Financial and Treasury Bureau, called on investors to participate in virtual currency trading through licensed exchanges. Chen Haolian stated that the Hong Kong government is actively building the entire ecosystem, and the Investment Promotion Bureau is currently promoting relevant companies to expand their business in Hong Kong. The ecosystem of virtual assets includes not only exchanges, but also funds for trading virtual assets and central bank digital currencies (CBDCs). Consultation on stablecoin regulation has been completed, and relevant legislation is currently being prepared for submission to the Legislative Council.

  • US Senators propose stablecoin regulation bill

    US Senator Bill Hagerty, who supports cryptocurrencies, has announced a legislative discussion draft aimed at creating a regulatory framework for stablecoins, which is very similar to the work being done in the House of Representatives. Republican Hagerty said in a statement on Thursday that his bill "provides much-needed regulatory clarity." The bill is very similar to the Clarity for Payment Stablecoins Act drafted by Republican Representative Patrick McHenry and Democrat Maxine Waters in the House.

  • The number of first-time unemployment claims in the United States last week was 258,000

    The number of first-time unemployment claims in the United States last week was 258,000, estimated to be 230,000, and the previous value was 225,000.

  • US CPI rose 2.4% year-on-year in September

    The US CPI rose by 2.4% year-on-year in September, with an estimated increase of 2.3% and a previous increase of 2.5%; the US CPI rose by 0.2% month-on-month in September, with an estimated increase of 0.1% and a previous increase of 0.2%.