DOJ N. Korea Complaint Illustrates Virtual Currency Laundering Techniques, & US Government, Exchange Responses

The US Attorney’s Office for the District of Columbia’s recent civil forfeiture complaint against virtual currency allegedly stolen or laundered by North Korean actors illustrates money laundering techniques specific to virtual currencies. Just as significantly, the complaint demonstrates methods governments and financial institutions can use to prevent such schemes, or at least catch the perpetrators once the crime has taken place. For those who don’t know, a civil forfeiture action, according to the Department of Justice’s website, is an action “in rem” or “against the property”, where “[t]he property is the defendant and no criminal charge against the owner is necessary.”

In the August 28th, 2020 complaint in United States of America v. 280 Virtual Currency Accounts, the Justice Department alleged North Korean cyber-hackers employed sophisticated techniques to steal and launder virtual currency. In an article analyzing the complaint, JD Supra observes such techniques included the hackers conducting “voluminous transactions (up to 5,000 in one instance),” transferring “funds through multiple countries,” and “chain hopping”, which the complaint defines as the “tactic of moving [funds] between different types of virtual currencies” (here is a visual showing chain hopping). JD Supra also notes the North Korean affiliated hackers “falsified KYC data to successfully deposit . . . stolen cryptocurrency at an exchange”, and then “converted stolen cryptocurrency to fiat using over-the-counter (OTC) traders in China that were operating in the United States as unregistered foreign-located money services businesses.” Clearly this was a complex scheme involving multiple techniques across a number of jurisdictions.

Some of the North Koreans’ tactics, however, are well-known. Attempts to liquidate funds with OTC brokers is an “old” money laundering technique, according to Chainalysis. “OTC brokers”, Chainalysis writes, “facilitate trades between individual buyers and sellers who can’t or don’t want to transact on an open exchange. OTC brokers are typically associated with an exchange but operate independently.” It is a common step for launderers of cryptocurrency to turn to OTC brokers when trying to convert large sums of virtual currency.

The complaint also gives insight into how government investigators were able to track the North Koreans. As the complaint details, Bitcoin and Ethereum transactions are “pseudonymous”, not anonymous, with each transaction “referenced by a complex series of numbers and letters” contained on a public ledger, the blockchain. However, the complaint says, “it is often possible to determine the identity of an individual involved in [Bitcoin] and [Ethereum] transactions through several different tools.” “Law enforcement [can use] commercial services offered by several different blockchain-analysis companies to investigate virtual currency transactions” and can often identify who is involved in the transaction. Law enforcement is thus able to “create large databases that group transactions into “clusters” through analysis of data underlying the virtual currency transactions.” Such analysis is critical in unraveling sophisticated money laundering schemes involving virtual currencies such as what the North Korean actors are alleged to have undertaken.

Of course, the complaint mentions, cryptocurrency exchanges played a large role in thwarting the North Korean money laundering activity, cooperating with investigators, and freezing assets when transaction monitoring tools revealed the virtual currency originated in a hack of another exchange. Chainalysis’ discussion of the complaint notes that, “while law enforcement is capable of tracing funds through chain hopping transactions, exchanges can prevent those transactions from even happening with the right monitoring tools. The more exchanges that incorporate those tools into their compliance programs, the fewer options hacking groups like [the North Korean actors] have to launder and liquidate stolen funds.” “The case shows yet again that the cryptocurrency industry and government can work together to prevent bad actors from exploiting cryptocurrencies for their own gain, despite their constantly advancing techniques.”