If you can’t arrest them, you might as well publicly call them out.
The Department of Justice unsealed a wide-ranging indictment Wednesday, detailing an effort by three North Korean state-affiliated hackers to steal more than $1.3 billion in money and cryptocurrency over the past few years. The schemes, as the DOJ lays out, included fake crypto apps riddled with backdoors that netted the attackers millions.
Oh, and of course a fraudulent blockchain company played a role.
The DOJ points its finger at three hackers: Jon Chang Hyok, 31; Kim Il, 27; and Park Jin Hyok, 36. It claims they worked for a military intelligence arm of the Democratic People’s Republic of Korea, and that all three of them were involved in the 2014 Sony hack. In a press release detailing the indictment, Assistant Attorney General John C. Demers emphasized (albeit in a rather dramatic fashion) the scale of the alleged crime spree.
“As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” he explained.
Indeed, no guns were required to launch the Marine Chain Token and corresponding ICO — a 2017 and 2018 effort to supposedly “enable investors to purchase fractional ownership interests in marine shipping vessels, supported by a blockchain, which would allow the DPRK to secretly obtain funds from investors, control interests in marine shipping vessels, and evade U.S. sanctions.”
And guns weren’t required to develop the scores of cryptocurrency applications — Celas Trade Pro, WorldBit-Bot, iCryptoFx, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader, and Ants2Whale — used to gain access to victims’ computers.
In addition to cryptocurrency schemes, the indictment alleges the three men attempted to steal $1.2 billion from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa over the course of four years starting in 2015.
If caught and convicted, the men face some serious jail time. Specifically, they’re charged with conspiracy to commit computer fraud and abuse, and conspiracy to commit wire fraud and bank fraud. The former has a maximum sentence of five years; the latter, 30.