The U.S. Department of Justice (DOJ) filed a complaint last week seeking the authority to seize 280 cryptocurrency accounts linked to North Korean cyberheists. This DOJ action not only further exposes North Korea and China’s ongoing cooperation in criminal sanctions-evasion schemes, but also lays the groundwork for the U.S. government to ramp up pressure on Pyongyang’s cybercriminal activity.
DOJ alleges that the 280 listed accounts hold stolen assets from over a dozen cryptocurrency exchanges in South Korea as well as one in the United States. This is the first time North Korea-sponsored operations have hacked a U.S.-based exchange. DOJ did not disclose the target’s name, referring to it simply as “Exchange 10.”
In March, DOJ filed a similar civil action to seize 113 cryptocurrency accounts used to launder over $100 million worth of cryptocurrency stolen by North Korean hackers. There has not yet been a ruling on this earlier complaint. At the same time it filed the March action, DOJ also indicted two Chinese nationals who orchestrated the money laundering operation, while the Treasury Department hit them with sanctions.
The effect of these punitive measures has been limited. In its announcement of last week’s complaint, DOJ acknowledged that “the same group of Chinese OTC [over-the-counter cryptocurrency trading] actors” laundered the proceeds of the latest North Korean cyberheist. In addition, those Chinese actors mitigated the impact of DOJ’s March complaint by pulling their remaining funds out of the targeted accounts “within hours” of the filing. While exchanges are responsible for freezing suspicious accounts, DOJ cannot force a foreign exchange to do so. Some do comply, however. Last week’s complaint shows that two foreign exchanges, dubbed Exchange 4 and Exchange 9, did block accounts after being notified that stored funds were indeed stolen.
Shortcomings aside, the recovery of stolen cryptocurrency from a hostile foreign power represents a landmark for U.S. law enforcement. In addition to targeting North Korean and Chinese actors, DOJ in early August seized $2 million worth of cryptocurrency from 300 accounts operated by terrorist groups, including the Islamic State, al-Qaeda, and Hamas’ Qassam Brigades.
Both the United Nations and United States have confirmed that North Korea’s cybercrime operations directly fund the regime’s nuclear weapons program. Washington’s continuing reluctance to hold China accountable for facilitating Pyongyang’s sanctions evasion only undermines the efforts of the United States and its allies to verifiably dismantle North Korea’s nuclear weapons program.
Fortunately, the ample evidence revealed by DOJ provides a roadmap for Treasury to impose sanctions and other penalties that may deter Chinese institutions from supporting illicit activities.
In March, DOJ’s indictment revealed that its targets transferred stolen funds through nine Chinese banks. The United States should continue investigating those banks’ activities and consider the necessary penalties for repeated offenses.
Specifically, Treasury should consider sanctioning the leadership of Chinese banks that continue to allow North Korean money laundering. Treasury could condition these banks’ resumption of operations on a cessation of illicit activity and the installation of new leadership consisting of non-designated individuals.
Mathew Ha is a research analyst focused on North Korea at the Foundation for Defense of Democracies (FDD), where he also contributes to FDD’s Center on Economic and Financial Power (CEFP) and Center on Cyber and Technology Innovation (CCTI). For more analysis from Mathew, CEFP, and CCTI, please subscribe HERE. Follow Mathew on Twitter @MatJunsuk. Follow FDD on Twitter @FDD and @FDD_CEFP and @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.