US Prosecutors Crack Down On North Korean Hackers

By Ray Crawford · 2 min read

The Justice Department filed a lawsuit Thursday against 280 cryptocurrency accounts suspected of moving stolen digital currency for North Korea. Federal investigators traced the accounts to two exchange hacks executed by North Korean state-sponsored hackers in 2019.

The first attack hit in July 2019, when hackers stole $272,000 in Proton, PlayGame, and IHT Real Estate tokens from a cryptocurrency exchange. Two months later, a second breach netted the hackers $2.5 million from another exchange based in the US. The stolen funds moved through Chinese over-the-counter cryptocurrency traders who had been connected to previous money laundering operations.

The lawsuit extends work the government began in March, when prosecutors announced charges and civil claims tied to $250 million in cryptocurrency stolen from exchanges by North Korean operators. Special Agent Emmerson Buie Jr. from the FBI's Chicago office said in a statement that the new action demonstrates how North Korean actors cannot operate in the shadows of the internet without consequence. He added that international cryptocurrency laundering continues to damage the financial system's integrity, and that authorities will deploy all available tools to interrupt these operations.

North Korean hackers have built a track record of hitting cryptocurrency targets. The Lazarus group, which operates from North Korea, has carried out attacks on central banks in Vietnam, Ecuador, and Bangladesh. A cybersecurity firm called F-Secure documented how Lazarus uses LinkedIn messages to target cryptocurrency workers. The firm found that members of the group sent a fake job offer through LinkedIn to a systems administrator at a crypto company last year. The attached file installed a back door, letting attackers access the network. Once inside, they deployed malware and network implants, including Mimikatz, a tool designed to extract wallet credentials and banking details, to harvest data from infected systems.

Matt Lawrence, F-Secure's director of detection and response, said the evidence points to a coordinated campaign targeting organizations across more than a dozen countries.

MiningPool content is intended for information and educational purposes only and does not constitute financial, investment, or legal advice.
