North Korean Hackers Launder Their Stolen Crypto, Here Is How They Do It
For decades, North Korea’s Kim dynasty has been making billions through counterfeiting cash, drug trafficking, and more. But in the past few years, North Korea has been using far more sophisticated methods to make money. It has turned to cybercrime to raise money for the country. It has been reported that it has thousands of hackers who conduct heists against cryptocurrency exchanges and even banks, resulting in billions of dollars being stolen. One such attack was reported in 2018 and resulted in $250 million being stolen in one swoop. According to the United Nations, the regime uses a large amount of the money obtained this way to further develop its nuclear power and ensure its long-term survival.
However, there is a huge difference between hacking a cryptocurrency exchange and getting actual cash to spend. To get their hands on real money, the hackers have to launder the cryptocurrency without leaving a trace and then exchange it for real currency to buy weapons, luxury items, and anything else that cannot be bought with bitcoins.
According to Christopher Janczewski, a cryptocurrency case agent at the IRS, laundering cryptocurrency is far more sophisticated than the actual hack. With the increase in these hacks, Janczewski has been quite busy lately. He was the lead investigating officer in the recent hack involving two Twitter users and the largest darknet website funded through Bitcoin used for child sexual abuse. Most recently, he also led the investigation into the theft of $250 million in cryptocurrency that was carried out by a North Korean hacker team called Lazarus Group. He added that Lazarus Group is evolving quite fast.
Lazarus uses different tactics to hide its wrongdoing and to throw off any investigation. The group transfers cryptocurrency between different accounts and wallets and may switch from ether to Bitcoin with ease. In the past few years, however, the gang has evolved immensely and now uses a tactic called a ‘peel chain.’ It involves moving money in quick, automated transactions from one Bitcoin wallet to new addresses across thousands of transactions. This minimizes the risk of setting off any red flags and also hides the real source of the money. Another approach, called ‘chain hopping,’ moves the money from one cryptocurrency to another to take it away from Bitcoin. This causes trails to go cold and sometimes even raises false alarms for investigators.
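A simplified tracing heuristic for the peel-chain pattern described above, as an added example that is not from the original article or from any investigator's tooling. It assumes the usual shape of a peel chain (each hop splits off a small amount and forwards the remainder to a fresh address); the transaction model, addresses, amounts and the 20% threshold are constructed for illustration.

```python
from collections import namedtuple

# Simplified model (assumption): one spending address per transaction,
# outputs as (address, amount) pairs in integer units, fees ignored.
Tx = namedtuple("Tx", "txid sender outputs")

def follow_peel_chain(txs, start, max_peel_ratio=0.2):
    """Walk a suspected peel chain from `start`.

    A hop counts as a peel when the spender creates exactly two outputs:
    a small one (at most max_peel_ratio of the total) and a larger remainder
    sent to an address not yet seen on this chain.
    Returns (peels, last_address), peels being (txid, address, amount).
    """
    spends = {}
    for tx in txs:
        spends.setdefault(tx.sender, tx)  # first spend seen per address
    seen, peels, current = {start}, [], start
    while current in spends:
        tx = spends[current]
        if len(tx.outputs) != 2:
            break
        (peel_addr, peel_amt), (rest_addr, rest_amt) = sorted(
            tx.outputs, key=lambda out: out[1])
        total = peel_amt + rest_amt
        if total == 0 or peel_amt / total > max_peel_ratio or rest_addr in seen:
            break  # pattern broken: even split, empty tx, or address reuse
        peels.append((tx.txid, peel_addr, peel_amt))
        seen.update((peel_addr, rest_addr))
        current = rest_addr
    return peels, current

def peel_destinations(peels):
    """Sum peeled amounts per destination to show where funds converge."""
    totals = {}
    for _txid, addr, amount in peels:
        totals[addr] = totals.get(addr, 0) + amount
    return totals

# Constructed sample data: A0..A3 carry the remainder, X1/X2 receive peels.
SAMPLE_TXS = [
    Tx("t1", "A0", [("A1", 9_000), ("X1", 1_000)]),
    Tx("t2", "A1", [("X2", 500), ("A2", 8_500)]),
    Tx("t3", "A2", [("A3", 7_500), ("X1", 1_000)]),
    Tx("t4", "A3", [("Y1", 3_700), ("Y2", 3_800)]),  # near-even split, not a peel
]

if __name__ == "__main__":
    chain, last = follow_peel_chain(SAMPLE_TXS, "A0")
    print(len(chain), "peels, chain ends at", last, peel_destinations(chain))
```

Repeated peels landing on the same destination (X1 in the sample) are the points an investigator would check against known exchange deposit addresses.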
Janczewski revealed that Lazarus runs a huge operation that involves creating and maintaining thousands of fake identities and accounts. The amount of effort and technology spent on them is so large that it shows just how important these operations are to the North Korean regime. While it is difficult to put a real number on it, experts say that about 15% of the North Korean economy depends on criminal activity, with cyberattacks at the top.
Cryptocurrency hacking is far from the perfect crime, but for a while investigators and the police were clueless about how to track the hackers. Today they have years of experience, and increased cooperation from exchanges and pressure from the government are making it easier for investigators to track them. With improved technology, blockchain surveillance tools are becoming more advanced, making cryptocurrency less anonymous than before.
The hackers may use different hops and peels to cover their tracks, but eventually they need to exchange their Bitcoin for US dollars. This is possible through over-the-counter markets, which are more traceable. The US government is also taking proactive steps against illegal accounts and exchanges, with requests to freeze funds being responded to more easily.