DoJ Seizes $500K in Crypto and Fiat From North Korean Hackers

  • The North Korean hackers drew the attention of the U.S. Department of Justice back in May 2021, when a Kansas hospital reported making a $100,000 ransomware payment in BTC.
  • The DoJ was able to trace the ransomware payments to China-based money launderers, as well as uncover a new type of ransomware used to target U.S. health care providers.

Sign of the Department of Justice (DOJ), Washington, DC, September 10, 2016. Mark Van Scyoc/Shutterstock

The U.S. Department of Justice (DoJ) has seized around $500,000 in crypto and fiat from a hacking group connected to the North Korean government, the DoJ said in a press release on 19 July.

According to the announcement, the Federal Bureau of Investigation (FBI) and the DoJ had successfully disrupted a “North Korean state-sponsored group” that used ransomware to attack U.S. medical facilities. The two agencies were able to trace ransom payments made by medical facilities in Kansas and Colorado through the blockchain, which resulted in the seizure of $500,000 in crypto and fiat from China-based money launderers hired by the North Koreans. Deputy Attorney General Lisa O. Monaco said in a statement:

“Thanks to rapid reporting and cooperation from a victim, the FBI and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group. We were also able to identify a previously unidentified ransomware strain. The approach used in this case exemplifies how the Department of Justice is attacking malicious cyber activity from all angles to disrupt bad actors and prevent the next victim.”

The hacker group drew the attention of the DoJ and FBI in May last year, when an unnamed medical provider in Kansas reported it had made a ransomware payment of $100,000 worth of Bitcoin (BTC) to regain access to its systems. Through its investigation, the FBI was able to identify a “never-before-seen North Korean ransomware”, as well as track the crypto transactions to China-based money launderers. Following that incident, the FBI observed a $120,000 BTC payment from a medical provider in Colorado, which resulted in the agency seizing two crypto accounts.

Hacking groups connected to North Korea have been responsible for a number of crypto-related cyber attacks. Back in April, the U.S. Treasury Department was able to connect a North Korean hacker group known as Lazarus to the Axie Infinity Ronin bridge exploit, which saw $625 million being stolen from the platform.
