US authorities are turning the screws on a sprawling criminal network accused of using stolen cryptocurrencies to fund North Korea’s nuclear weapons programme.
A group under sanctions linked to North Korea allegedly stole about $620mn in a 2022 cryptocurrency hack, US prosecutors intend to show in an upcoming trial, illustrating its reach in digital currency. The US Treasury department recently said it would blacklist a Cambodian financial conglomerate for allegedly laundering stolen digital currency for the shadowy group.
The efforts are the latest to focus on the activities of the Lazarus Group, which US authorities suspect of pilfering billions of dollars over nearly two decades to fund the North Korean regime’s nuclear programme.
Prosecutors and defence lawyers are clashing over how much of the evidence in the money laundering case, involving a crypto service called Tornado Cash, can be shown to jurors, court filings show. Defence lawyers are seeking to block references to the Lazarus Group from the trial, saying it would be unfair to the defendant. Prosecutors allege the crypto wallet that the stolen funds went into was linked to the group.
Lazarus Group has been associated with some of the most infamous digital heists in recent history, ranging from the theft of $81mn from Bangladesh’s account at the Federal Reserve Bank of New York to the global “WannaCry” ransomware attack and the cyber attack on Sony Pictures in retaliation for its production of the movie The Interview.
The US placed the group under sanctions in 2019.

An enforcement unit of the Treasury department has also recently taken aim at Lazarus, noting it has used the Cambodia-based Huione Group, a banking conglomerate, to launder $4bn in stolen digital funds.
“Huione Group serves as a critical node for laundering proceeds of cyber heists carried out by the Democratic People’s Republic of Korea,” FinCEN said, adding it would sever Huione’s access to the US financial system.
In 2023, the justice department charged Roman Storm, a co-founder of Tornado Cash, which obscured the history of blockchain transactions, with knowingly facilitating the laundering of more than $1bn in criminal proceeds via his platform.
Storm and other Tornado Cash co-founders, prosecutors alleged, believed the Lazarus Group was responsible for hacking the Ronin Network underpinning Axie Infinity, a blockchain-based video game. The co-founders also allegedly thought the funds might be used for North Korea’s programme for weapons of mass destruction, the DoJ added.
Lawyers for Storm, who has pleaded not guilty and will face trial this month, said the Lazarus Group references should be blocked for lack of evidence and relevance, according to court filings.
They said Storm was not charged with hacking, “nor is he alleged to have conspired with or have any ties to the Lazarus Group”, according to a court filing.
The justice department also charged another Tornado Cash co-founder, Roman Semenov, who remains at large.
A lawyer representing Storm declined to comment.
North Korea has become a leading force in international cyber crime, with US law enforcement treating it as one of the major global cyber threats alongside Russia, China and Iran. The regime is believed to misappropriate digital assets to support its illicit programmes for ballistic missiles and weapons of mass destruction, according to the US Treasury.
“Lazarus Group has repeatedly victimised both the users and developers of digital assets technologies for purposes of funding the DPRK regime’s malign activities,” the justice department said in a statement.
Victor Cha, president of the geopolitics and foreign policy department and Korea chair at the Center for Strategic and International Studies, said North Korea’s estimated haul of $1.34bn in stolen cryptocurrency last year was a “record”, leading to “concerns about proceeds being used for weapons proliferation financing”.