U.S. Indicts Four Men in Scheme to Launder Cryptocurrency for North Korea
WASHINGTON — The Justice Department said on Monday that it had indicted four men on charges of laundering virtual currency stolen by an infamous North Korean online criminal syndicate as part of a far-reaching scheme to buy goods with U.S. dollars and evade international sanctions.
The charges, filed in three cases in federal court in Washington, outline a complex multiyear effort to launder cryptocurrency obtained by the Lazarus Group, an organization linked to espionage, online theft and cyberattacks, including the 2014 breach of Sony Pictures.
The scheme involved a relatively modest amount of currency. But it represents only a fraction of the illegal activity being undertaken by North Korea, officials said — and it vividly demonstrated the creativity and resolve of an isolated country intent on defying demands that it abandon its nuclear weapons and long-range missile programs.
In the first indictment, the government charged a banker based in China, Sim Hyon Sop, 39, along with three cryptocurrency traders with conspiring to convert virtual currency that had been stolen from accounts into dollars. North Korea’s government, short on cash, later used the money to buy goods, including tobacco and communications equipment, in 2018.
The second indictment outlined a related conspiracy by Mr. Sim, and various North Korean information technology workers who used fake identities to get jobs with blockchain companies in the United States. Several workers, and others not named in court papers, used that access to launder about $12 million that passed through Mr. Sim’s cryptocurrency wallet, prosecutors said.
A third indictment describes an unlicensed money-transmitting business that conducted over 1,500 trades for U.S. customers without the necessary licenses.
Three of those charged, including Mr. Sim, were based in China and Hong Kong when, according to prosecutors, they committed their crimes, while a fourth was identified only by an online alias. None of them are currently in U.S. custody, and a Justice Department spokesman declined to say if the Biden administration will request their extradition.
The charges stemmed from “innovative attempts” by North Korean operatives to evade sanctions by “targeting virtual currency companies for theft,” Assistant Attorney General Kenneth A. Polite Jr., the head of the Justice Department’s criminal division, said in a statement.
In a related action, the Treasury Department imposed sanctions on Mr. Sim and the two men named by the Justice Department, Wu HuiHui and Cheng Hung Man. Brian E. Nelson, the under secretary for terrorism and financial intelligence, said North Korea’s effort to generate revenue using stolen virtual currency “directly threatens international security,” and destabilizes the international financial system.
Since 2017, North Korea has pilfered an enormous amount of currency through fraud schemes and by hacking into virtual currency accounts. Operatives working at the behest of the country’s intelligence services and military stole about $1.7 billion worth of cryptocurrency in 2022 alone, according to the Treasury Department.
North Korea employs a sprawling network of currency traders, many working out of China, meant to convert stolen virtual currency into so-called fiat currencies, like dollars and euros. That money is, in turn, used to buy badly needed goods for the government, military and leadership, investigators said.
Over the past few years, North Koreans in the country have been applying for jobs for remote development work without disclosing their identities and by misrepresenting their locations, allowing them to bypass security checks.
At the center of all these efforts is the Lazarus Group, which is under the direct control of North Korea’s main intelligence agency.
The group has targeted the international financial, shipping, media and entertainment sectors to extract currency and sow disruption through data theft, malware heists and destructive malware operations. The Lazarus Group pulled off one of the largest virtual currency heists to date, stealing almost $620 million in virtual currency from a blockchain project linked to an online game in March 2022, according to U.S. officials.