The analytical service CipherTrace presented a detailed analysis of the scheme two Chinese, indicted for their involvement in exchanges hacking in the USA, used to legalize stolen cryptocurrency of more than $100 million in total value.
On March 2, the U. S. Office of Foreign Assets Control (OFAC) charged two Chinese citizens, Tian Yinyin and Li Jiadong, with involvement in the cryptocurrency exchange hacking and their relationships with the Lazarus hacker group, which works for North Korea.
According to U.S. Department of the Treasury’s documents, $234 million in cryptocurrency were stolen from Bitcoin exchanges and more than $100 million of these crypto-assets moved through great deal of accounts in various banks as well through numerous North Korea originated crypto-wallets, which belonged to these PRC’s citizens.
To avoid special attention, Tian Yinyin and Li Jiadong used the so-called “peel chains” (the scheme is to be disclosed further in the post). They managed to be overlooked by the cryptocurrency exchanges KYC Services due to proficient photomontage.
With the help of the “peel chains”, the intruders formed an address chain aimed to receive the stolen cryptocurrency and transfer it to the related addresses. Each transaction balance was redirected to the cryptocurrency exchange.
As a result, the stolen assets were moved through this chain, which contained 146 separate transactions, before it landed in two Bitcoin exchanges.
Tian Yinyin and Li Jiadong also were creative to undergo KYC procedures. It turned out, the identity data didn’t correspond to the persons presented on the photos, in addition, the bodies and heads, presented on the photos downloaded, belonged to different people. Let’s remind, according to the analytic company Chainalysis, year 2019 beat the record for the number of hacker attacks on cryptocurrency exchanges, but the damage suffered by the exchanges was significantly lower than they had a year before.