US law enforcement seized over $4.4 million in digital assets linked to North Korean cybercrime organizations through the crypto exchange Binance, which cooperated closely in the operation.
In a Twitter thread from May 25th, 2023, Binance described how cooperation between its investigation team and United States law enforcement managed to stop and sanction four North Korean organizations and their “illicit revenue generation activities”.
Binance stated in their recent tweet:
“We proactively took action against accounts connected to these individuals over a year ago, in compliance with lawfully served warrants and in collaboration with law enforcement.”
A Binance spokesperson said that they are “continuously monitoring [their] platform for nefarious nation-state actors and collaborating with law enforcement.”
The Department of the Treasury’s Office of Foreign Assets Control (OFAC) reported on 23rd May that it had sanctioned four entities and one individual committing “malicious cyber activities that support the Democratic People’s Republic of Korea (DPRK) Government.”
Chinyong Information Technology Cooperation Company, Pyongyang University of Automation, the 110th Research Center, and the Technical Reconnaissance Bureau are the four entities that were discovered to be connected with the activity.
According to the US Treasury, Chinyong has a “workforce of thousands of highly skilled IT workers around the world,” tasked with generating “revenue that contributes to its unlawful WMD and ballistic missile programs.”
Using stolen or fake identities, the “workers” apply for overseas IT jobs, or do tech and crypto-related jobs. After that, they proceed to use crypto exchanges to launder money for the DPRK.
The one individual who has also been sanctioned by OFAC is Kim Sang Man, who is “presumed to be involved in the payment of salaries to family members of Chinyong’s overseas DPRK worker delegations.” Additionally, he is suspected of receiving over $2 million in digital assets for selling IT equipment to teams associated with the DPRK in both China and Russia.
As per the Treasury Department, the Technical Reconnaissance Bureau “leads the DPRK’s development of offensive cyber tactics and tools and operates several departments, including those affiliated with the Lazarus Group.”
Over recent years, a group of cybercriminals named the Lazarus Group has raided multiple crypto-related projects. It is also believed to be behind the $620 million hack of Axie Infinity’s Ronin Bridge in March 2022.
According to Changpeng Zhao, the CEO of Binance, in April, the company had recovered around 5.8 million USD from the Lazarus Group after spotting some illegal gains being sent across the exchange.