The United States Department of Treasury has imposed sanctions on three individuals who have assisted the infamous hackers Lazarus Group in converting stolen cryptocurrency to fiat currency. The group is believed to have used the funds for the Democratic People’s Republic of Korea’s (DPRK) unlawful weapons of mass destruction (WMD) and ballistic missile programs.
According to a prior report by Chainalysis, Lazarus Group was accountable for crypto theft amounting to $1.7 billion in 2022.
OFAC Sanctions 3 China-Based OTC Traders
Under the Department of Treasury, the Office of Foreign Assets Control (OFAC) has designated sanctions on two over-the-counter (OTC) traders; Wu Hiuhui from the People’s Republic of China and Cheng Hung Man from Hong Kong.
OFAC has also sanctioned Sim Hyon Sop, who recently moved to China and worked for the Korea Kwangson Banking Corp. The bank was formerly designated for offering financial services support to two other institutions known for proliferating WMD. According to the press release, Wu helped Lazarus Group convert stolen crypto worth millions of dollars into fiat in 2021, while Cheng aided Wu by making payments to receive cryptocurrency on behalf of the group. The PR states:
“Frequently, DPRK actors use these networks of OTC traders, including People’s Republic of China (PRC)-based OTC traders, to conduct transactions on their behalf to avoid detection by financial institutions or competent authorities.”
Sim, on the other hand, “coordinated millions of dollars in financial transfers for the DPRK.” The Treasury Department added that the bank official received funds from information technology workers with fraudulent jobs abroad. Moreover, Sim directed Wu, Cheng, and other OTC traders to transfer stolen crypto to front companies that would pay for goods, including tobacco and communication devices, in fiat on behalf of the DPRK.
Following the OFAC sanctions, properties owned by Wu, Cheng, and Sim are blocked, and individuals or foreign institutions that have carried out certain transactions with the designated individuals may also face sanctions.
According to a statement from Brian E. Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence:
“The DPRK’s use of illicit facilitation networks to access the international financial system and generate revenue using virtual currency for the regime’s unlawful weapons of mass destruction(WMD) and ballistic missile programs directly threatens international security.”
Lazarus Group is under the DPRK’s Reconnaissance General Bureau
The OFAC announcement also stated that Lazarus Group is controlled by the DPRK’s Reconnaissance General Bureau (RGB), the country’s primary intelligence organization. The group is infamous for various cryptocurrency-related hacks.
Lazarus Group is said to be behind the biggest crypto hack in history involving the Ronin Network, resulting in losses of $620 million. In February 2023, a report by blockchain security company Chainalysis claimed that the cybercriminal group stole about $1.7 billion worth of cryptocurrency in 2022.
