Department of Justice Files Lawsuit to Recover Funds Stolen by North Korean Hackers

North Korea: The US Department of Justice (DOJ) has filed a lawsuit to take control of 280 Bitcoin and Ethereum accounts in connection with funds stolen by North Korean hackers. The documents filed by the DOJ did not specify which exchanges were hacked to steal the funds involved in the suit, but did specify that the hacks took place on July 1st, 2019 and September 25th, 2019. The first incident involved the theft of numerous altcoins, or non-mainstream cryptocurrencies, totaling $272,000 USD. The second attack stole “multiple various currencies” totaling more than $2.5 million USD. Following the theft of the funds, the North Korean hackers attempted to use a technique called “chain hopping,” or blockchain hopping, to hide the funds. Chain hopping involves transferring cryptocurrency through multiple different currencies in an attempt to break the traceable chain of transactions and keep law enforcement from following the stolen funds. Even with the use of chain hopping, the exchanges involved in the movement of the funds were able to keep track of the stolen cryptocurrency. The funds eventually ended up in 280 different Bitcoin and Ethereum wallets, the majority of which have been frozen by the exchanges housing them. According to the DOJ, these cryptocurrency thefts are connected to other North Korean hacks and money laundering operations discovered back in March 2019. This is the same operation that involved two Chinese nationals who were accused of helping North Korean hackers launder funds through China.

Analyst Notes

Many cyber-criminals have long believed that chain hopping makes it impossible to trace funds. While it certainly does increase the difficulty of tracking the funds, this instance proves that when exchanges are willing to work together, chain hopping is not a foolproof way to hide funds. Once an exchange freezes an account, the funds can neither be transferred to another account nor exchanged for fiat currency (government-issued money), which would otherwise make them even easier to launder and hide. Continued sanctions and embargoes against North Korea have made the hermit kingdom even more desperate to carry out financially motivated cyber-attacks to keep their government and economy afloat. More information on this topic can be found at: