Make Kitco Your Homepage

U.S. Treasury sanctions North Korean crypto entities, flags multiple Binance wallets

Kitco News

Editor note Get all the essential market news and expert opinions in one place with our daily newsletter. Receive a comprehensive recap of the day's top stories directly to your inbox. Sign up here!

(Kitco News) - The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced earlier today that they have sanctioned four entities and one individual for “obfuscated revenue generation and malicious cyber activities that support the Democratic People’s Republic of Korea (DPRK) Government.”

According to the OFAC, North Korea engages in a wide range of “malicious cyber activities” and uses its own IT personnel to secure international technology jobs under fraudulent pretexts.

“Today’s action continues to highlight the DPRK’s extensive illicit cyber and IT worker operations, which finance the regime’s unlawful weapons of mass destruction and ballistic missile programs,” said Brian Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence. “The United States and our partners remain committed to combatting the DPRK’s illicit revenue generation activities and continued efforts to steal money from financial institutions, virtual currency exchanges, companies, and private individuals around the world.”

The DPRK’s malicious cyber actors target individuals and companies worldwide to steal funds to support the regime’s priorities, including its unlawful weapons of mass destruction (WMD) and ballistic missile programs.

According to a Feb. 1 report from blockchain research firm Chainalysis, North Korean entities including Lazarus Group are the single largest source of crypto hacks and theft in the world. “In 2022, they shattered their own records for theft, stealing an estimated $1.7 billion worth of cryptocurrency” out of the global total of $3.9 billion, they wrote.

The entities sanctioned by the OFAC included the Pyongyang University of Automation, which the report called “one of the DPRK’s premier cyber instruction institutions.” It trains many of the malicious cyber actors who work under the regime’s Reconnaissance General Bureau (RGB), the primary intelligence bureau and cybercrime entity of the DPRK.

The Treasury also sanctioned the RGB-run Technical Reconnaissance Bureau and its subordinate cyber unit, the 110th Research Center.

The OFAC claimed the Technical Reconnaissance Bureau “leads the DPRK’s development of offensive cyber tactics and tools and operates several departments, including those affiliated with the Lazarus Group.”

On April 14, 2022 the U.S. Treasury identified the Lazarus Group as the actors behind the single largest crypto theft of all time after nearly $615 million was stolen from Ronin, a blockchain network that lets users transfer crypto in and out of the popular online game Axie Infinity on March 23. Blockchain analytics firms including Chainalysis and Elliptic confirmed at the time that North Korea was behind the break-in.

The OFAC also alleged that the DPRK “generates significant revenue through the deployment of IT workers who fraudulently obtain employment with companies around the world, including in the technology and virtual currency industries.” They said North Korea maintains an IT workforce spread around the world, but concentrated principally in China and Russia, “to generate revenue that contributes to its unlawful WMD and ballistic missile programs.”

The Treasury said these workers use “fake personas, proxy accounts, stolen identities, and falsified or forged documentation” to get hired by companies based in wealthy countries, and can earn upwards of $300,000 each per year.

“DPRK IT workers often take on projects that involve virtual currency,” they wrote. “DPRK IT workers also use virtual currency exchanges and trading platforms to manage digital payments they receive for contract work as well as to launder these illicitly obtained funds back to the DPRK.”

The North Korean Chinyong Information Technology Cooperation Company (Chinyong), as well as Russia-based senior Chinyong executive Kim Sang Man, were both sanctioned in the latest Treasury action.

The Treasury announcement also contributed to more bad press for Binance, as Coindesk reported soon afterward that several of the DPRK-controlled crypto wallets listed by the OFAC were hosted by Binance. According to the OFAC, a number of sanctioned wallets containing bitcoin, ether, USDT and USDC belonged to Sang Man Kim, a 58-year-old North Korean citizen.

On Nov. 8, the OFAC designated Ethereum-based crypto mixer Tornado Cash as a supporter of North Korea’s nuclear weapon development program.

“This action is part of the United States’ ongoing efforts to limit the DPRK’s ability to advance its unlawful weapons of mass destruction (WMD) and ballistic missile programs,” the announcement said.

According to the Treasury, Tornado Cash smart contracts have been utilized by various actors, including the Lazarus Group, to obfuscate the source of funds acquired from cyber heists.

“Malicious cyber actors subsequently used the Tornado Cash smart contracts to launder more than $96 million of funds derived from the June 24, 2022 Harmony Bridge Heist, and at least $7.8 million from the August 2, 2022 Nomad Heist,” the OFAC said.

Disclaimer: The views expressed in this article are those of the author and may not reflect those of Kitco Metals Inc. The author has made every effort to ensure accuracy of information provided; however, neither Kitco Metals Inc. nor the author can guarantee such accuracy. This article is strictly for informational purposes only. It is not a solicitation to make any exchange in commodities, securities or other financial instruments. Kitco Metals Inc. and the author of this article do not accept culpability for losses and/ or damages arising from the use of this publication.