
Lazarus Group

Sen. Warren vows reintroduction of AML bill that extends to DAOs and DeFi

While the Senator did not expand on other details of the upcoming bill, she suggested that DeFi should not be exempt from AML laws.

A bi-partisan anti-money laundering (AML) bill that covers “decentralized entities” such as decentralized finance (DeFi) protocols and DAOs will soon be reintroduced to Congress, according to United States Senator Elizabeth Warren.

Warren, a vocal crypto critic, argued at the Feb. 14 Senate Banking Committee’s hearing entitled “Crypto Crash: Why Financial System Safeguards are Needed for Digital Assets” that the crypto community wants decentralized entities running on code to be exempt from AML requirements:

“In other words, they want a giant loophole for DeFi written into the law so they can launder money whenever a drug lord or a terrorist pays them to do so.”

For that reason, Warren said she would reintroduce the Digital Asset Anti-Money Laundering Act of 2022, which she first introduced on Dec. 15, 2022. It was read twice before being referred to the Senate Banking Committee and has received no further traction since.

If enacted as originally written, the seven-page bill would have prohibited financial institutions from using digital asset mixers such as Tornado Cash, which are designed to obscure the on-chain link between the source and destination of funds.

Senator Warren speaking at the “Crypto Crash” committee hearing on Feb. 14. Source: U.S. Senate Banking Committee.

It also would have resulted in unhosted wallets, miners, and validators being required to write and implement AML policies.

The Senator noted current AML laws “don’t cover big parts of the crypto industry,” and claimed crypto exchange ShapeShift took advantage of the lack of regulation when it restructured itself as a DeFi platform in July 2021, adding:

“They said we're making this shift, quote, ‘to remove itself from regulated activity.’ Translation: Launder your money here.”

Warren claimed “big-time financial criminals love crypto,” and argued that crypto was “the method of choice for international drug traffickers,” North Korean hackers and ransomware attackers, adding:

“The crypto market took in $20 billion last year in illicit transactions, and that's only the part we know about.”

These figures are backed up by a Jan. 12 report from blockchain analytics firm Chainalysis, which found that the total cryptocurrency value received by illicit addresses reached $20.1 billion throughout 2022.

Related: US lawmakers and experts debate SEC's role in crypto regulation

According to a United Nations official speaking at a Counter-Terrorism Committee meeting in October 2022, cash is still the preferred choice for financing terrorists although they are beginning to turn to crypto more frequently.

North Korean hackers operating as the Lazarus Group have also faced headwinds in trying to cash out crypto, with the exchanges Binance and Huobi again freezing accounts, and with them millions of dollars' worth of crypto, linked to the group.

Sony Group acquires Amber Japan, officially steps into crypto exchange arena

Binance and Huobi freeze $1.4M in crypto linked to North Korean hackers

The North Korea-based hacker outfit Lazarus Group turned to several privacy mixers in an attempt to anonymize the stolen funds, but it did not work.

Cryptocurrency exchanges Binance and Huobi have again frozen accounts linked to the $100 million Harmony Horizon bridge attack of Jun. 24, 2022.

Around $1.4 million worth of crypto frozen by the trading platforms came from accounts linked to the notorious Lazarus Group operating out of North Korea.

The investigation was carried out by blockchain analytics firm Elliptic, according to a report shared by the firm on Feb. 14. However, the firm didn’t state what coins or tokens were frozen.

Elliptic explained that it passed the intelligence on to Binance and Huobi, which then acted promptly to freeze the Lazarus Group-linked accounts:

“The stolen funds remained dormant until recently, when our investigators began to see them funneled through complex chains of transactions, to exchanges. By promptly notifying these platforms about these illicit deposits, they were able to suspend these accounts and freeze funds.”

Since the Harmony exploit, it has been well documented that Lazarus Group resorted to the now United States OFAC-sanctioned privacy mixer Tornado Cash in an attempt to break the transaction trail back to the original theft.

While this supposedly makes it easier to cash out funds at an exchange, Elliptic investigators were able to trace the entirety of the stolen funds sent through the mixer in this case, the report stated.

Elliptic CEO Simone Maini suggested the events showed the industry was taking on the responsibility to prevent money laundering and stop crypto from becoming a “haven” for illicit activity:

“Today, money laundering was detected and stolen funds linked to North Korea were frozen, in real time. As an industry we have the power and responsibility to prevent digital assets becoming a haven for money launderers and sanctions evaders, and ensure that they are a force for good.”

The Harmony bridge attack was also attributed to the Lazarus Group by the United States Federal Bureau of Investigation (FBI) on Jan. 24.

This isn’t the first time Binance and Huobi have cooperated on the matter.

The two platforms managed to freeze and recover 121 Bitcoin (BTC), worth $2.5 million at the time, linked to the Harmony attack on Jan. 16.

Related: Illicit cross-chain transfers expected to grow to $10B: Here’s how to prevent them

The recovery was, however, only a fraction of the $63.5 million laundered over that weekend, according to crypto sleuth ZachXBT, who says the funds were funneled through the Ethereum-based privacy protocol RAILGUN before being sent on to three different exchanges.

Elliptic research published last week also found that Lazarus Group has laundered about $100 million in Bitcoin through “Sinbad,” which the firm says is a relaunch of the now OFAC-sanctioned privacy mixer Blender.

Lazarus Group is believed to have stolen well over $2 billion in crypto since it shifted its focus to the industry in 2017 according to estimates from Elliptic.


Seoul Sanctions North Korea Over Crypto Theft

South Korea has imposed sanctions on the North in relation to a number of cyberattacks, often resulting in the theft of cryptocurrency. The authorities in Seoul say the regime in Pyongyang is using the digital assets to fund its nuclear and missile development projects.

South Korea Hits North Korean Hackers With First Cybercrime Sanctions

The […]


North Korea stole more crypto in 2022 than any other year: UN report

A report submitted to the United Nations found North Korean cyber attacks have become vastly more sophisticated and raked in more crypto than ever before.

A confidential United Nations report has revealed North Korean hackers stole more crypto assets in 2022 than in any other year so far.

The UN report, seen by Reuters, was reportedly submitted to a 15-member North Korea sanctions committee last week.

It found North Korean-linked hackers were responsible for between $630 million and more than $1 billion in stolen crypto assets last year and targeted networks of foreign aerospace and defense companies.

The UN report also noted that cyber attacks were more sophisticated than in previous years, making tracing stolen funds more difficult than ever.

"[North Korea] used increasingly sophisticated cyber techniques both to gain access to digital networks involved in cyber finance, and to steal information of potential value, including to its weapons programmes,” according to independent sanctions monitors in its report to the UN Security Council Committee.

Last week, a Feb. 1 report from blockchain analytics firm Chainalysis came to a similar conclusion, linking North Korean hackers to at least $1.7 billion worth of stolen crypto in 2022, the highest in history.

North Korean hackers have been stealing more crypto than ever before. Source: Chainalysis.

The firm called North Korea's cybercriminal syndicates the most "prolific cryptocurrency hackers over the last few years."

"For context, North Korea's total exports in 2020 totalled $142 million worth of goods, so it isn't a stretch to say that cryptocurrency hacking is a sizable chunk of the nation's economy," Chainalysis said.

According to Chainalysis, at least $1.1 billion of the stolen loot was taken from hacks of DeFi protocols, making North Korea one of the driving forces behind the DeFi hacking trend that intensified in 2022.

Chainalysis has revealed North Korean hackers tend to send large amounts of their stolen funds to mixers. Source: Chainalysis.

The firm also found that, beyond targeting DeFi protocols, North Korea-linked hackers tend to send large sums to mixers.

"In fact, funds from hacks carried out by North Korea-linked hackers move to mixers at a much higher rate than funds stolen by other individuals or groups," Chainalysis said.

Related: North Korean hacking activity ceases after regulators implement KYC: Report

North Korea has frequently denied allegations of being responsible for cyber attacks, but the new UN report alleged that North Korea's primary intelligence bureau, the Reconnaissance General Bureau, uses several groups such as Kimsuky, Lazarus Group and Andariel specifically for cyber attacks.

"These actors continued illicitly to target victims to generate revenue and solicit information of value to the DPRK, including its weapons programmes," the UN report said.

Submitted to the 15-member council's North Korea sanctions committee last week, the full report is reportedly due for public release later this month or in early March.


North Korea’s Lazarus Group masterminded $100M Harmony hack: FBI confirms

The FBI also confirmed earlier reports this month by figures such as ZachXBT that the hackers had started moving a large chunk of the funds around via privacy protocols.

The Federal Bureau of Investigation (FBI) has confirmed the Lazarus Group and APT38 as the culprits behind the $100 million Harmony Bridge Hack from June 2022.

The North Korea-linked cyber group had long been suspected of being behind the attack but their involvement hadn’t been confirmed by authorities until now.

According to a Jan. 23 statement, the FBI noted that “through our investigation, we were able to confirm that the Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $100 million of virtual currency from Harmony’s Horizon bridge.”

The Harmony Bridge hack in 2022 was the result of security weaknesses in Harmony’s Horizon Ethereum bridge that allowed the attackers to drain a number of assets held in the bridge across 11 transactions.

The FBI also outlined that the North Korean hackers started moving around $60 million worth of the stolen funds earlier this month via the Ethereum-based privacy protocol RAILGUN. Blockchain sleuth ZachXBT had previously highlighted this on Twitter on Jan. 16.

Notably, Binance also detected the hackers were trying to launder the funds through the Huobi crypto exchange, and then promptly assisted it in freezing and recovering the digital assets deposited by the hackers, according to CEO Changpeng Zhao.

“On Friday, January 13, 2023, North Korean cyber actors used RAILGUN, a privacy protocol, to launder over $60 million worth of Ethereum (ETH) stolen during the June 2022 heist,” the FBI stated, adding that “a portion of these funds were frozen, in coordination with some of the virtual asset service providers. The remaining bitcoin subsequently moved to the following addresses.”

In its statement, the FBI said its cyber and virtual assets units, as well as the U.S. Attorney's Office and the U.S. Justice Department's crypto unit, have continued “to identify and disrupt North Korea’s theft and laundering of virtual currency, which is used to support North Korea’s ballistic missile and Weapons of Mass Destruction programs."

Related: Google Ads-delivered malware drains NFT influencer’s entire crypto wallet

The Lazarus Group is a well-known hacking syndicate that has reportedly had a hand in a number of major exploits in the crypto industry, and is alleged to have been behind the $600 million Ronin Bridge hack in March 2022.

In April 2022, the United States Treasury Department's Office of Foreign Assets Control indicated as much by updating the Lazarus Group's entry on its Specially Designated Nationals and Blocked Persons (SDN) list following the hack.

That same month, the FBI and Cybersecurity and Infrastructure Security Agency also fired off a warning alert concerning North Korean state-sponsored cyber threats that target blockchain companies in response to the Ronin Bridge hack.


Onchain Researchers Discover $63M in Ethereum From Harmony Bridge Attack Moved, Hackers Attempt to Launder Funds on Major Exchanges

On Jan. 15, 2023, onchain researchers discovered that funds stolen during the Harmony bridge attack had been moved. The suspected thieves, who are allegedly associated with the North Korean hacking syndicate Lazarus Group, moved 41,000 ethereum, worth $63.2 million at current exchange rates.

Onchain Researchers Track Stolen Ethereum From Harmony Bridge Attack and Help Major […]


North Korean Hackers Are Posing As Venture Capitalists To Steal Crypto Assets: Security Firm


A unit of the North Korean state-sponsored hacker Lazarus Group is impersonating financial and investment firms to steal crypto assets. According to security firm Kaspersky, the group known as BlueNorOff is creating fake domains that look like those of legitimate venture capital and banking companies. “The actor usually used fake domains such as cloud hosting […]

The post North Korean Hackers Are Posing As Venture Capitalists To Steal Crypto Assets: Security Firm appeared first on The Daily Hodl.


North Korean hackers stealing NFTs using nearly 500 phishing domains

The hackers created decoy websites impersonating NFT marketplaces, NFT projects and even a DeFi platform.

Hackers linked to North Korea’s Lazarus Group are reportedly behind a massive phishing campaign targeting non-fungible token (NFT) investors — utilizing nearly 500 phishing domains to dupe victims.

Blockchain security firm SlowMist released a report on Dec. 24, revealing the tactics that North Korean Advanced Persistent Threat (APT) groups have used to part NFT investors from their NFTs, including decoy websites disguised as a variety of NFT-related platforms and projects.

Examples of these fake websites include a site pretending to be a project associated with the World Cup, as well as sites that impersonate well-known NFT marketplaces such as OpenSea, X2Y2 and Rarible.

SlowMist said one of the tactics used was having these decoy websites offer “malicious Mints”: the victim is tricked into connecting their wallet and believing they are minting a legitimate NFT.

The NFT is in fact fraudulent, and the transaction the victim signs leaves their wallet exposed to the hacker, who then has access to it.

The report also revealed that many of the phishing websites were hosted on the same IP address: 372 NFT phishing websites sat behind a single IP address, and another 320 behind a second one.

An example phishing website. Source: SlowMist.

SlowMist said the phishing campaign has been ongoing for several months, noting that the earliest of the domains was registered about seven months ago.

Other phishing tactics included recording visitor data and saving it to external sites, and linking images to the targeted projects.

Once the hacker had obtained the visitor's data, they would run various attack scripts against the victim, giving the hacker access to the victim’s access records, authorizations and plug-in wallet usage, as well as sensitive data such as the victim’s approve records and sigData.

All this information then enables the hacker access to the victim’s wallet, exposing all their digital assets.
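The “malicious Mint” described above works because the transaction the decoy site asks the wallet to sign is not a mint at all but a token approval (or an outright transfer), which is why the approve records matter to the attacker. The following is an added example, not code from the page or from SlowMist, of the check a wallet or browser extension could run on a pending transaction before the user signs: decode the calldata selector and arguments and flag any approval or transfer to a counterparty the user has not knowingly trusted. The four-byte selectors are the standard ones for the ERC-20/ERC-721 functions named in the comments; the attacker and wallet addresses in the demo are constructed.

```python
"""Added example (not the page's or SlowMist's code): inspect the calldata behind a
"mint" button and flag transactions that are really token approvals or transfers.
Selectors are the standard 4-byte keccak prefixes of the ERC-20/ERC-721 function
signatures; the addresses used in the demo are constructed."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Functions that hand control of tokens to a third party. A genuine mint never needs them.
APPROVAL_SELECTORS = {
    "a22cb465": "setApprovalForAll(address,bool)",  # ERC-721 / ERC-1155, whole collection
    "095ea7b3": "approve(address,uint256)",         # ERC-20 allowance / ERC-721 single token
}
# Functions that move a token straight out of the wallet.
TRANSFER_SELECTORS = {
    "23b872dd": "transferFrom(address,address,uint256)",
    "42842e0e": "safeTransferFrom(address,address,uint256)",
}
UINT256_MAX = (1 << 256) - 1


@dataclass
class Finding:
    severity: str
    function: str
    counterparty: str
    reason: str


def _strip0x(h: str) -> str:
    h = h.lower()
    return h[2:] if h.startswith("0x") else h


def _word(data: str, i: int) -> str:
    """i-th 32-byte ABI argument word after the 4-byte selector, as hex."""
    start = 8 + 64 * i
    return data[start:start + 64]


def _address(word: str) -> str:
    """ABI addresses are left-padded to 32 bytes; the last 20 bytes are the address."""
    return "0x" + word[-40:]


def analyse_calldata(data: str, trusted: set[str]) -> Optional[Finding]:
    """Decode a pending transaction's calldata and return a Finding if it grants an
    approval to, or transfers a token to, an address not in `trusted` (lowercase
    addresses the user knowingly uses, e.g. a marketplace contract)."""
    data = _strip0x(data)
    if len(data) < 8:
        return None
    selector = data[:8]
    if selector in APPROVAL_SELECTORS:
        fn = APPROVAL_SELECTORS[selector]
        spender = _address(_word(data, 0))
        if spender in trusted:
            return None
        if selector == "a22cb465":
            if int(_word(data, 1) or "0", 16) == 0:
                return None  # setApprovalForAll(op, false) revokes; harmless
            return Finding("critical", fn, spender,
                           "grants operator rights over every token in the collection")
        amount = int(_word(data, 1) or "0", 16)
        if amount == 0:
            return None  # approve(spender, 0) revokes; harmless
        if amount == UINT256_MAX:
            return Finding("critical", fn, spender, "unlimited allowance")
        return Finding("high", fn, spender, f"allowance of {amount}")
    if selector in TRANSFER_SELECTORS:
        recipient = _address(_word(data, 1))  # args: from, to, tokenId
        if recipient in trusted:
            return None
        return Finding("high", TRANSFER_SELECTORS[selector], recipient,
                       "page labelled 'mint' moves a token out of the wallet")
    return None  # anything else, such as a genuine mint(), is not flagged here


def encode_call(selector: str, *args: str | int | bool) -> str:
    """ABI-encode static arguments (address / uint256 / bool) to build demo payloads."""
    words = []
    for a in args:
        if isinstance(a, bool):          # bool before int: bool is a subclass of int
            words.append(("1" if a else "0").rjust(64, "0"))
        elif isinstance(a, int):
            words.append(format(a, "x").rjust(64, "0"))
        else:
            words.append(_strip0x(a).rjust(64, "0"))
    return "0x" + selector + "".join(words)


if __name__ == "__main__":
    attacker = "0x" + "ab" * 20  # constructed attacker address
    # What a phishing page's "Mint" button actually submits to the wallet:
    tx = encode_call("a22cb465", attacker, True)
    print(analyse_calldata(tx, trusted=set()))
```

The trusted set is deliberately explicit rather than inferred: a marketplace the user listed on is a legitimate operator, but a site the user reached through a search result or a Discord link is not, and an approval is the one thing a page that claims to be minting a new token has no reason to request.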

However, SlowMist emphasized that this is just the “tip of the iceberg," as the analysis only looked at a small portion of the materials and extracted “some” of the phishing characteristics of the North Korean hackers.

For example, SlowMist highlighted that just one phishing address alone was able to gain 1,055 NFTs and profit 300 ETH, worth $367,000, through its phishing tactics.

It added that the same North Korean APT group was also responsible for the Naver phishing campaign that was previously documented by Prevailion on Mar. 15.

Related: Blockchain security firm warns of new MetaMask phishing campaign

North Korea has been at the center of various cryptocurrency theft crimes in 2022.

According to a Dec. 22 statement from South Korea’s National Intelligence Service (NIS), North Korea stole $620 million worth of cryptocurrencies this year alone.

In October, Japan’s National Police Agency sent out a warning to the country’s crypto-asset businesses advising them to be cautious of the North Korean hacking group.


U.S. Treasury Department Connects Lazarus Group and Tornado Cash to North Korean Nuclear Weapons Programs

The U.S Treasury Department is redesignating the sanction it imposed against crypto mixing service Tornado Cash earlier this year due to the protocol allegedly having ties to North Korea’s nuclear weapons program. The Treasury department’s Office of Foreign Assets Control (OFAC) announced earlier this year that Americans are barred from using Tornado Cash because it […]

The post U.S. Treasury Department Connects Lazarus Group and Tornado Cash to North Korean Nuclear Weapons Programs appeared first on The Daily Hodl.


Japan’s Police and FSA Publish a Joint Cyber Warning to Crypto Firms, Link Attacks to Lazarus Group

According to the National Police Agency (NPA) in Japan, North Korean hackers from the crime syndicate Lazarus Group have been targeting crypto companies in the country. Local reports detail that it is the fifth time the NPA has tied “public attribution” to the organization of North Korean cyber criminals.

Japan’s Law Enforcement and Financial Regulator Warn […]
