DoJ Seizes $500K in Crypto and Fiat From North Korean Hackers

  • The North Korean hackers drew the attention of the U.S. Department of Justice back in May 2021, when a Kansas hospital reported making a $100,000 ransomware payment in BTC.
  • The DoJ was able to trace the ransomware payments to China-based money launderers, as well as uncover a new type of ransomware used to target U.S. health care providers.

Sign of the Department of Justice (DOJ), Washington, DC, September 10, 2016. Mark Van Scyoc/Shutterstock

The U.S. Department of Justice (DoJ) has seized around $500,000 in crypto and fiat from a hacking group connected to the North Korean government, the DoJ said in a press release on 19 July.

According to the announcement, the Federal Bureau of Investigation (FBI) and the DoJ had successfully disrupted a “North Korean state-sponsored group” that used ransomware to attack U.S. medical facilities. The two agencies were able to trace ransom payments made by medical facilities in Kansas and Colorado through the blockchain, which resulted in the seizure of $500,000 in crypto and fiat from China-based money launderers hired by the North Koreans. Deputy Attorney General Lisa O. Monaco said in a statement:

“Thanks to rapid reporting and cooperation from a victim, the FBI and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group. We were also able to identify a previously unidentified ransomware strain. The approach used in this case exemplifies how the Department of Justice is attacking malicious cyber activity from all angles to disrupt bad actors and prevent the next victim.”

The hacker group drew the attention of the DoJ and FBI in May last year, when an unnamed medical provider in Kansas reported it had made a ransomware payment of $100,000 worth of Bitcoin (BTC) to regain access to its systems. Through its investigation, the FBI was able to identify a “never-before-seen North Korean ransomware”, as well as track the crypto transactions to China-based money launderers. Following that incident, the FBI observed a $120,000 BTC payment from a medical provider in Colorado, which resulted in the agency seizing two crypto accounts.

Hacking groups connected to North Korea have been responsible for a number of crypto-related cyber attacks. Back in April, the U.S. Treasury Department was able to connect a North Korean hacker group known as Lazarus to the Axie Infinity Ronin bridge exploit, in which $625 million was stolen from the platform.
