Two Chinese Charged for Aiding North Korean Crypto Theft

The Department of Homeland Security (DHS), in conjunction with the Internal Revenue Service (IRS) and the Federal Bureau of Investigation (FBI), recently identified two Chinese individuals involved in the theft of about $250 million worth of digital money from an unknown exchange.

The two individuals, identified as Tian Yinyin and Li Jiadong, helped North Korean hackers launder funds stolen from crypto exchanges. In a twist, however, the two find themselves in a privileged position, since the US is unable to extradite them from their home country to face the law.

Legal Speed Bump

This legal speed bump has arisen despite American agencies providing comprehensive records and evidence showing that the two schemers were behind the digital raid. Aside from facilitating the money laundering scheme, the two are also accused of running an exchange platform without any licenses.

How it Happened

The grand scheme involving the two Chinese nationals is believed to have taken place between December 2017 and April 2019. A well-designed and highly effective piece of malware that rapidly compromised and took control of an unnamed exchange platform is confirmed to have been the move that set the whole process in motion.

After neutralizing the platform’s security protocol, the malware then proceeded to siphon out all the private keys belonging to the users of the exchange. The actors behind the malware then moved to withdraw all the assets through Bitcoin, Ethereum, Litecoin, and Dogecoin.

The entry point of the malware was later identified as an email sent to one of the exchange’s employees. A total of $250 million worth of cryptocurrency was taken, specifically $94 million in Bitcoin (10,777 BTC) and $131 million in Ethereum (218,780 ETH), with the remainder in other digital tokens.

Using specialized mixing and tumbling techniques, the attackers managed to shield their operation from outside suspicion. They chained many complex transactions through numerous accounts, thereby blurring the trail of addresses the digital assets passed through.

Celas, the Unregulated Exchange

Investigators then traced half of the stolen digital assets to an exchange platform the hacker group ran, which they called Celas.

When cybersecurity experts later investigated the exchange platform, it was found to be malicious in intent: it collected private data such as passwords and private keys. It was essentially a smoke-and-mirrors front for phishing malware.

Celas was not shy about marketing. According to reports, it emailed many potential customers under the pretense of offering a security download, in a bid to lure users.

The attackers operating it even went so far as to register many fake accounts in its database and on other social media platforms to make it appear more credible.

The cybersecurity team managed to beat the hackers and gain access to the website, which was heavily concealed behind layers of VPN. This case is just one more file on the heap, given that the global economy is at risk from the frequency of such cyber attacks.

About chainsoff

Intelligence Media Service, Monitors and Analyzes Extremists’ activities, including and not limited to: The Muslim Brotherhood, Kurdish Terrorism, Syrian Politics, Jabhet Al-Nusra, Hezbollah, Cyber Crime, and Taliban activities in Syria. Well known for her deep knowledge on Terrorism. Open Source Exploitation expert in the discovery, collection, and assessment of foreign-based publicly available information, also known as Open Source Intelligence (OSINT), HIMNT