Hong Kong customs authorities have arrested four people in connection with a suspected $155 million money laundering scheme using the cryptocurrency Tether.
According to reports in Bloomberg and local media, four men aged between 24 and 33 were arrested in an operation called “Coin Breaker.”
Hong Kong customs officials told the media that the men had opened various bank accounts and then made transactions in Tether – the biggest stablecoin – through a crypto exchange, outlets reported. The transactions involved HK$1.2 billion of cryptocurrency, worth roughly $155 million.
The officials said it was the first time they had detected a suspected money laundering scheme that used digital currency. They did not name the crypto trading platform involved. Insider has contacted the Hong Kong customs office.
Cryptocurrencies have long been used in crime, thanks to the fact that they can be used anonymously and are hard to trace.
On Friday, the US District Court in Seattle said a 33-year-old identity thief who used bitcoin to avoid detection was sentenced to three years in prison.
And on Tuesday, London’s Metropolitan Police said it had seized $249 million worth of cryptocurrency in a suspected money laundering case.
Top lawmakers have repeatedly raised concerns about crypto crime. US Treasury Secretary Janet Yellen in January suggested “curtailing” cryptocurrencies, saying: “Many are used – at least in a transaction sense – mainly for illicit financing.”
In Hong Kong, as in the UK, crypto companies have to register with the financial watchdog for anti-money laundering purposes.
Following a criminal investigation, police in the UK seized about £180 million in cryptocurrency, topping a record seizure made by law enforcement just weeks earlier.
Metropolitan Police on Tuesday said detectives with its Economic Crime Command received intelligence about the transfer of criminal assets, leading to the July 10 discovery of nearly £180 million ($249 million) worth of cryptocurrency. The Met didn’t specify the type of cryptocurrency that was seized. The detectives have been focusing on an ongoing investigation into suspected international money laundering.
A 39-year-old woman was arrested on suspicion of money laundering offenses on June 24, the Met said, adding that she was released on bail.
The same team of detectives on June 24 seized £114 million in cryptocurrency – then a record amount – as part of their probes.
“Proceeds of crime are laundered in many different ways. While cash still remains king in the criminal world, as digital platforms develop we’re increasingly seeing organized criminals using cryptocurrency to launder their dirty money,” said Graham McNulty, the Met’s deputy assistant commissioner, in a statement.
Police said the investigation has been complex and wide-ranging and will continue for months to identify the people at the center of the money-laundering ring.
Meanwhile, in the US, a “prolific identity thief” who fraudulently used credit cards, pocketed $500,000, and bought bitcoin has been sentenced to three years in prison, according to the federal court in Seattle.
The US government arm for tackling financial crimes has hired its first cryptocurrency chief, as it takes aim at illicit activity that has involved digital assets.
The Financial Crimes Enforcement Network (FinCEN) said on Tuesday it had hired Michele Korver as its first chief digital currency advisor.
FinCEN’s role is to clamp down on financial crimes like money laundering, and Korver will focus on fulfilling this mission in the digital space.
“Michele brings a wealth of digital currency expertise, and will be a tremendous leader in co-ordinated efforts to maximize FinCEN’s contribution to the innovative potential for financial expansion of opportunity, while minimizing illicit finance risk,” FinCEN acting director Michael Mosier said in a statement announcing the hire.
The US was home to more crypto-related criminal activity in 2020 than anywhere else, Chainalysis said in a February report that covered ransomware and money laundering, among other areas. According to the crypto research firm, most cryptocurrency linked to illicit addresses in the US came from scams.
Korver is no stranger to crimes in the digital space as she served in the Digital Currency Council for the Department of Justice for three years up until this month. In her role there, she advised government attorneys, federal agents and other bureaus nationwide on digital currencies as well as developed policy on cryptocurrency seizures.
At the DOJ, Korver wrote or contributed to three papers on digital currency, including one on enforcement. In a paper earlier this year, she wrote about how cryptocurrencies are a unique money-laundering tool because they are decentralized and can keep identities hidden.
Money laundering in the crypto space typically involves criminals sending illicit proceeds to exchanges that are regarded as being risky, or less reputable than well-established ones. There, the funds end up in deposit addresses that are usually controlled by cyber criminals, according to Chainalysis.
Many people think bitcoin transactions can be anonymous or untraceable, but they’re misunderstanding how the process works, Ben Weiss, CEO of crypto ATM operator CoinFlip, said at a webinar on digital assets this week.
“It’s not anonymous. It’s pseudo-anonymous. You can’t buy any large amount of bitcoin without KYC or ID or driver’s licenses,” he said, referring to “know your customer” and similar identification checks.
“Bitcoin is actually more transparent in many ways than typical things in the financial system,” he added.
The perception is that because the digital currency is often associated with illegal activity, then it must shield the identity of the user. But that is not true, Weiss said.
The bitcoin addresses may not have names registered to them, but in practice, they can be linked to real-world identities, he noted. That’s because every investor is required to log their personal information before they buy the cryptocurrency.
What isn’t well-known is that relevant enforcement agencies can track down bitcoin purchases, if they are prepared to put in sufficient effort, Weiss said.
That’s why one of the most stupid things anyone could do would be to attempt to launder dirty money using bitcoin, Weiss said. The US government can track bitcoin transactions with the help of blockchain analysts and through serving seizure warrants authorized by district courts, he said.
“You’re really playing with fire if you tried to today,” he said, adding that bitcoin transactions are more traceable than cash.
Tax is one area where some people are still learning that they are out in the open when it comes to cryptocurrency transactions. Many US taxpayers may not realize that if they fail to report crypto assets when filing their annual returns, these may be discovered and there may be consequences. Transactions on the blockchain are not hidden, and the records are public.
To hunt out unreported crypto-related income, the US Internal Revenue Service has launched “Operation Hidden Treasure”. A dedicated team of IRS criminal investigation professionals is seeking out and targeting taxpayers who are not listing cryptocurrency transactions on their tax returns.
A former senior advisor in the Obama White House allegedly stole more than $200,000 from a charter school network he founded and tried to launder the stolen money in order to get a lower interest rate on a Manhattan apartment mortgage, according to the Department of Justice.
Seth Andrew, 42, who worked as a senior advisor in the Office of Educational Technology at the White House under Obama, was arrested and charged Tuesday with wire fraud, money laundering, and making false statements to a bank.
Andrew founded Democracy Prep Public Schools, a system of more than 20 New York City-based public charter schools, in 2005, according to federal prosecutors. He left the network in 2013 to take a job at the US Department of Education before heading to the White House, where he stayed until November 2016.
In a criminal complaint unsealed Tuesday, prosecutors allege that between March and August 2019 Andrew, after cutting ties with Democracy Prep Public Schools in January 2017, used his former connection to the schools to steal $218,005 of the network’s reserve money by giving his school-affiliated email to a bank employee in an attempt to convince them he was still associated with Democracy Prep.
Prosecutors say Andrew drew funds from escrow accounts he had previously set up for individual schools within the charter school network. He then allegedly used that money to open a business account in the name of a Democracy Prep school at a bank.
According to the complaint, Andrew “attempted to conceal… the source of the stolen funds…and make it appear that the stolen funds belonged to a non-profit organization that Andrew founded, and currently appears to control.”
In a Tuesday email to Democracy Prep parents obtained by CNN, CEO Natasha Trivers said the charter school network alerted authorities as soon as it learned about the unauthorized withdrawals.
“Seth left our network in 2013. His alleged actions are a profound betrayal of all that we stand for and to you and your children, the scholars and families that we serve,” Trivers’ email reportedly said. “To be clear, at no time did the alleged crimes pose any risk to our students, staff or operations in any way.”
The alleged fraud, money laundering, and “misrepresentations” were all an attempt by Andrew to obtain savings on a mortgage for a multimillion-dollar Manhattan apartment, prosecutors said. Without the stolen Democracy Prep funds, prosecutors say Andrew would not have been able to take full advantage of the bank’s discounted interest rate promotion.
At a Tuesday appearance in court, a judge ordered Andrew released on a $500,000 personal recognizance bond, according to CNBC.
An attorney for Andrew told the outlet he will plead not guilty.
The Department of Justice said last month that North Korea has used cyberattacks to steal over $1 billion since 2015 to fund its nuclear weapons program.
Heavy sanctions, imposed by both the US and the UN, prevent North Korea from participating in the formal global economy. The regime often circumvents these sanctions, mostly through secretive ship-to-ship transfers of luxury goods, chemicals, and coal, which is North Korea’s primary export.
North Korea’s nuclear program is essential to the Kim regime, and it devotes all the resources it can to increasing and improving its arsenal. The rise of digital currencies has created new opportunities to acquire funds for that effort.
To understand how the regime perpetrates financial crimes online and the threat it poses, Insider spoke with Jason Bartlett of the Center for a New American Security.
Insider: Let’s start with an overview of how North Korea avoids sanctions. In my mind, there are three main ways: Through traditional over-land means, hacking, and cryptocurrency.
Jason Bartlett: Over the years we’ve seen a heavier focus on cyber-enabled financial crime that benefits North Korea’s nuclear weapons.
That includes hacking of cryptocurrencies like Bitcoin and more distribution of malware. There was the WannaCry cyber attack, there was the online bank heist in 2016 of a Bangladesh bank. South Korea experiences numerous cyber attacks against its ATMs and other financial institutions.
We’re also seeing reports coming out that North Korea may have been able to hack cryptocurrency through DeFi, decentralized finance platforms, which is a new field for them.
Insider: Has the proportion of sanctions evasions through online means, compared to overland and ship-to-ship transfers, increased recently, especially after coronavirus?
Bartlett: Time will tell. One of the issues with cybercrime is it is very high gains with low risk, because it is hard to be detected, as we see some of the most high-profile attacks. The SolarWinds attack, by allegedly Russia, we found out about that very late, so there might be other hacks that North Korea has already been doing that we’re unaware of.
I would not be surprised if we see that there has been an increase in North Korean state-sponsored cybercrime during coronavirus. One, because of the original track that North Korea was making already with increased online activity, increased cyber-enabled financial crime. Just because of the nature of the world today there’s more financial transactions, more people are shifting to conducting their business online and more financial institutions and services are adopting Bitcoin and other cryptocurrencies.
But I’m sure that this shift has also been heavily contributed [to] by coronavirus in terms of people relying more on virtual transactions and digital currencies.
Insider: How does North Korea target crypto exchanges?
Bartlett: As far as we know, North Korea has several different cyber-crime forces within its intelligence bureaus. There’s the Lazarus group, and there’s sub-units within that. Some are just cyber, and some within the cyber field focus more on things like espionage, compared to petty financial crime. We don’t know exactly which groups are primarily responsible for which ones – we have ideas.
When it comes to smaller transactions, there are so many loopholes in the cryptocurrency exchanges, and in DeFi because it is not regulated. These transactions never go through human hands or human scrutiny. Everything is automated. If you’re able to break into that system, and you’re able to manipulate the currency price, which is what North Korea allegedly did recently, then you’re able to hack as many of these transactions as you like, and you can up and lower the price of the cryptocurrency that you’re using to get as much money as possible.
The thing with smaller transactions is that it typically can be easier to steal, because there might not be as many eyes on it, as opposed to some large exchange in New York, or in Bangladesh, or South Korea … if you’re targeting hundreds and hundreds or even thousands of smaller transactions that are all happening at the same time, and then you’re able to just shift the currency as you’re hacking it for money laundering, it’s a very successful way to hack a lot of money at the same time while keeping it below a notification threshold, which is what North Korea tends to be doing.
Insider: How successful is North Korea with this?
Bartlett: They’re successful usually in the hack itself. With North Korea what tends to be more impressive is its money-laundering ability. Just because they hack a certain amount of money doesn’t necessarily mean they will have access to all of that. Sometimes we’re able to freeze the assets, [and] we’re able to get the exchange back.
So if North Korea were to steal $3 million in cryptocurrency, doesn’t necessarily mean that then they’ll be able to turn that into $3 million of cash that they can use for weapons. It needs to go through money laundering, and that’s when the signals can be more detectable. North Korea has gotten significantly better. It’s also received help from abroad. We have the case of the two Chinese nationals that were offering professional money laundering services on behalf of North Korea.
North Korea has incredibly sophisticated hacking techniques, but as a country in itself, economically and technologically, it is not advanced, yet it’s able to perform all these tasks. It’s very impressive, especially when it’s targeting more technologically advanced nations such as the US, the UK, and South Korea.
Insider: In what ways do other countries support these North Korean efforts?
Bartlett: This is also a developing field, but China has had a history of hosting North Korean hackers and hacking groups. There were several hotels in China allegedly hosting North Korean hackers until recently. They were apparently closed down and the hackers were repatriated. But that’s very difficult to check. China doesn’t necessarily abide by all the UN and US resolutions, especially the ones regarding North Korean sanctions.
Russia and China also have a history of evading sanctions targeting North Korean workers abroad. North Koreans have been able to circumvent sanctions, specifically a US resolution that took effect in December 2019 that required UN member states to repatriate all North Korean workers back to their country due to findings that their earnings were going to the nuclear development program.
But recent UN panels, expert reports have shown that these IT workers are still very active in China and Russia. And in the case of the WannaCry attack, there was a North Korean hacker, Park Jin Hyok, who worked in an IT company in China while he was also conducting these cyberattacks against the UK, the US, and various other nations on behalf of North Korea.
There’s also talk of technology exchange. Prior to Covid, there was a lot of student exchange between China and Russia, which obviously doesn’t necessarily mean that there will be information-sharing, but we see [it] at very high-level science and technology universities. China and Russia have a history of providing North Korea with technological infrastructure, internet connection, so there’s both direct and indirect facilitation.
Insider: How do we go from cryptocurrency to, for example, mid-range nuclear missiles?
Bartlett: Just because they hack a very substantial amount of cryptocurrency doesn’t mean they get all the cash. Typically, they’ll turn it into Bitcoin or very commonly used, commonly transacted cryptocurrency. Then they’re able to transfer that into funds, and then they take those funds out and it’s cash.
And from that money, after they go through different money-laundering services – which is basically a way of changing the currency and changing the tracking so that it’s harder to tell where the money’s coming from, where it’s going to, what currency is being used – they’re able to go through exchanges and withdraw that money in cash. Then they’re able to purchase nuclear weapons, pay off other countries or companies that are either helping ship their coal, helping ship some technology to them, or helping ship different parts or chemicals, and pay for oversea exchange.
There are also luxury goods, we see that a lot with Kim Jong Un having these, I think they’re some form of a white stallion, Mercedes-Benz, and things like that. It’s not just unique to North Korea. There’s also countries in Latin America and across the world that hide funds from money laundering in luxury goods that they’re able to keep and then sell.
I believe sometime last year, the Treasury issued one of its first statements about a North Korean art exhibit, and how some of this money that they were receiving for this art exhibit was then being used for its nuclear weapons, or they were hiding money in very expensive art. So it’s a way of holding onto … a reserve, and you can just sell this when you need more funds.
Insider: How are nations like the US, the UK, and the Five Eyes tracking these projects and these crimes?
Bartlett: The Treasury Department – so FinCEN – as well as the Department of Justice, have been working very hard to track the efforts and, for example, to issue charges against North Korean or other nationals that are supporting North Korea’s cyber-enabled financial crime. It’s very difficult, because cyber crime is directly connected to North Korea’s intelligence bureau and its nuclear development program, to know just how sophisticated and just how successful it is.
It’s unique in that it’s one of the only cyber programs in the world that its main goal is not necessarily espionage – that’s only one of them. It’s more about funds for its nuclear program, because nuclear development is a key aspect of North Korea’s political identity.
I think there is starting to be more conversation regarding cyber within the counterproliferation field in the United States. It’s a little overdue, but it’s definitely a step in the right direction. I think, before then, it was separated, or maybe North Korea wasn’t taken as seriously because there’s cyber giants, like China and Russia, that have done successful election intervention and espionage attacks. But stealing money to build up nuclear weapons is a grave national-security concern … I think now [the] US government is beginning to get more research to focus on that field.
The private sector has continued to be very vigilant of North Korean cyber crime. They tend to also be a large target of it. Hopefully now, with this new presidency and a seemingly strong focus on cyber following the SolarWinds hack, following even the GameStop scandal, I think that’s something that the US government is going to be incredibly aware of and how important but how fragile and easy to manipulate virtual currencies can be if they don’t have the proper regulations and if there’s not proper consensus on how these transactions should be conducted.
Insider: How do we keep crypto out of the hands of malicious actors?
Bartlett: I think there needs to be a greater consensus of not just the threat but what resources we already have available to us. I’m not exactly sure how informed cryptocurrency exchanges and companies are of what resources they have available to them … The government and private sector need to come up with a stronger framework to train each other.
Training that financial institutions and banks that work with fiat currency have for anti-money laundering and hacking – I’m not exactly sure if cryptocurrency companies receive that same level of training, in terms of red-flag indicators of financial crime or suspicious activity, how to report, how to freeze, how to track. That would be the first thing, more of an assessment of what do you know, what can you do?
One of the bigger issues is compliance, having not just US companies but also foreign companies being compliant. If US companies are compliant with law, then North Korean actors and other illicit actors will just go to countries and regions that aren’t or don’t have the legal framework. …
Once we establish our own protocols and our own way of doing things, and strengthen our own collaboration with the private sector, then we can export that knowledge, not just to our common actors in the Five Eyes but also with countries predominantly in Southeast Asia where there’s a lot of North Korean hackers. I think it’ll be very difficult to persuade China and Russia to abide by UN and US sanctions, especially cyber, because you have plausible deniability.
Insider: Is there anything we’re doing in terms of retaliation?
Bartlett: A cyberattack against Russia’s online infrastructure in retaliation to SolarWinds, or in retaliation against China – and I’m not condoning this – I’m just saying that attacks like that would typically be a little bit more plausible because the countries are connected to the internet.
That’s not the case for North Korea. North Korea has an intranet; only select individuals, typically in Pyongyang, typically have access to this intranet and cell phones.
So, a direct attack on North Korea’s internet infrastructure won’t really have the same effect that it would on us. That’s not to say it wouldn’t have any effect, but it wouldn’t be as strong as it could against other countries. I think the majority of our retaliation efforts tend to be more of freezing funds and freezing assets, which then ultimately affect the economy, making it harder for North Korea to divest more resources into expanding its cyber crime.
Insider: It seems like North Korea is always working to stay a little bit ahead of sanctions, so assuming that regulations come in under this administration and security is much tighter, how are they going to get around that?
Bartlett: For the past couple years, the US has been playing catch-up with cyber crime, as opposed to “build up against,” so I’m very realistically optimistic in that now, because we have seen, over the years, that the various targets – so, not just North Korean, but Russian and Chinese actors – have on our cyberspace. It ranges from our financial institutions to the security of our citizens and our government, and this is a major threat.
And I think that COVID, because of the shift to more online transactions, more virtual interactions, more widespread adoption of virtual currencies as legitimate forms of payment, there will continue to be a large increase in North Korean cyber crime.
I’m not exactly sure how it will be possible for us to be more ahead of them, because this is a national initiative of North Korea … nuclear weapons, sanctions evasion, and cyber, because it’s high gains with very, very low risk, easy plausible deniability, and you can receive an enormous amount of funds very, very quickly, relatively easily. So I think the next step for us is to really reevaluate our cyber strategy in general, and our cybersecurity – what does cybersecurity really mean for the US …
On the DeFi platform, that is most likely going to be a new field that will have a high level of risk, because there is no human interaction, there’s no regulation, and it’s not surprising that North Korea has already started to exploit that, but it is shocking that they’re able to do so.
And it shows that North Korea’s also thinking ahead, so I wouldn’t be surprised if, in the coming months, there is at least talk of ways to introduce legislation or ways to regulate the DeFi platform, or try to have more coordination with the private sector and with the cryptocurrency companies. In terms of DeFi, in terms of SolarWinds, and as well as GameStop, I’m sure that now the US government is realizing that this is a major threat that we have to address now, because these illicit actors have already begun to exploit this.
This interview was edited and condensed for clarity.