According to a newly unsealed court document, the illicit funds originated from a $250 million haul stolen from two different unnamed cryptocurrency exchanges in hacks perpetrated by Lazarus Group, a cybercrime group with ties to the North Korean government.
The two individuals in question — Tian Yinyin (田寅寅) and Li Jiadong (李家东) — were both charged with operating an unlicensed money transmitting business and money laundering conspiracy.
Prosecutors said the defendants worked on behalf of the threat actors based in North Korea to allegedly launder over $100 million worth of stolen cryptocurrency to obscure transactions, adding that the hacking of cryptocurrency exchanges posed a severe threat to the security of the global financial system.
It's worth noting that Lazarus Group was one of the three hacking outfits sanctioned by the US government last September for conducting a variety of financially motivated operations, ranging from cyber-espionage to data theft, to fund the country's illicit weapon and missile programs.
Per the US Treasury, the Lazarus Group stole the funds in 2018 after an employee of a cryptocurrency exchange unwittingly downloaded malware through an email, which gave the threat actor access to private keys, virtual currency, and other customer information.
"Lazarus Group cyber actors used the private keys to steal virtual currencies (250 million dollar equivalent at date of theft) from this exchange, accounting for nearly half of the DPRK's estimated virtual currency heists that year," the Treasury said.
While the name of the exchange remains unknown, a report by Kaspersky back in August 2018 detailed a campaign that involved dropping malware in the corporate networks of a number of crypto-exchanges by sending spear-phishing emails.
Stating that North Korea trains hackers to "target and launder stolen funds from financial institutions," the Treasury added that both Tian and Li received $91 million from North Korea-controlled accounts that can be traced back to the 2018 cryptocurrency exchange hack and an additional $9.5 million from a hack of a second exchange.
Prosecutors said the two individuals helped convert more than $34 million of the illicit funds they received back into Chinese yuan by moving them to a bank account linked to the exchange account, in addition to converting $1.4 million worth of cryptocurrency into Apple gift cards.
Created in 2007, the Lazarus Group has gone after a number of targets, including militaries, governments, financial institutions, media companies, and utility sectors, to perpetrate monetary heists and destructive malware attacks, making it the most-profitable cryptocurrency-hacker syndicate in the world.
A United Nations report last August estimated that North Korea had generated $2 billion for its weapons programs through "widespread and increasingly sophisticated cyberattacks" targeting banks and cryptocurrency exchanges.