The United States Treasury Department has identified over-the-counter (OTC) cryptocurrency traders who assisted North Korea’s Lazarus Group in converting stolen crypto into fiat currency. Crypto traders in China and Hong Kong have been sanctioned by the Treasury’s Office of Foreign Assets Control (OFAC). In addition, a China-based banker was sanctioned for coordinating some of the illicit cashflow.
Wu Huihui was sanctioned by OFAC for “providing material support to the Lazarus Group,” the North Korean hacker group known for some of the biggest exploits in crypto. According to a statement released by the Treasury Department on April 24, Wu, based in China, converted millions of dollars’ worth of crypto into fiat currency for North Korean “cyber actors” in multiple transactions in 2021.
The Chinese government severely restricts operations with cryptocurrency, but OTC transactions are still possible. The Treasury said in its statement:
“Frequently, DPRK [Democratic People’s Republic of Korea] actors use […] networks of OTC traders, including People’s Republic of China (PRC)-based OTC traders, to conduct transactions on their behalf to avoid detection by financial institutions or competent authorities.”
Cheng Hung Man, a Hong Kong-based British national, was sanctioned for providing material support to Wu. He allegedly helped Wu access the U.S. financial system using front companies to avoid detection.
Sim Hyon Sop, a North Korean living in China, is a deputy representative of the Korea Kwangson Banking Corp. He was sanctioned for allegedly coordinating financial transfers from traders, including Wu and Cheng, that eventually ended up supporting North Korea’s weapons of mass destruction and ballistic missile programs.
— Jay “TechAdept” Laurence (@TechAdeptRDD) April 24, 2023
The Justice Department has also announced that it has unsealed two indictments against Sim, charging him with conspiring with OTC traders to use stolen funds to buy goods for North Korea and North Korean IT workers to generate income through illegal employment in the United States. Federal indictments were returned for Wu, Cheng and Sim on April 18. The Treasury noted that the Federal Bureau of Investigation and the South Korean government were involved in the investigation.
Tobacco products and communications devices were also listed as goods North Korea obtains with fiat derived from crypto exploits. The Lazarus Group has been linked to the Harmony Bridge hack, the Ronin Bridge hack and other major exploits.