August 31, 2020

Tracing Monero | North Korean Hacker Army | Japan To Seize Stolen Crypto | Airbit Founders Face Charges

  • CipherTrace Announces World’s First Monero Tracing Capabilities 
  • U.S. Army Reveals Intel of 6,000+ North Korean Hackers
  • Japanese Authorities to Seize $530M in First Official Seizure of Cryptocurrency 
  • Airbit Founders Charged for Alleged $20M Cryptocurrency Mining Fraud

CipherTrace Announces World’s First Monero Tracing Capabilities for Law Enforcement, Government, and Virtual Asset Service Providers

CipherTrace’s contract with DHS Science & Technology Directorate has resulted in the development of forensic tools for law enforcement and government agencies to trace and visualize Monero transaction flows for criminal investigations. These new tools allow for transaction search, exploration, and visualization capabilities in Monero transaction flows and have been integrated with CipherTrace’s Inspector financial investigations product.

This new toolset provides ways to track stolen Monero or Monero used in illegal transactions. It also helps assure cryptocurrency exchanges, OTC trading desks, investment funds and custody providers that they do not accept Monero from illicit sources. Monero received from potentially illicit sources can now be investigated, allowing VASPs to take appropriate actions to stay in compliance.

Why It Matters: Monero is increasingly used in ransomware and illicit purchases on the dark markets. Now, law enforcement can trace these privacy-enhanced cryptocurrencies.


6,000+ North Korean Hackers Hack for their Country, According to US Army Memo

A July 2020 US Army report on North Korean tactics reveals information on the hermit nation’s infamous network of government-sanctioned hackers. According to the report, the DPRK has more than 6,000 hackers stationed in countries all over the world, including Belarus, China, India, Malaysia and Russia.

The report suggests that the group is overseen by Bureau 121, the cyber warfare guidance unit of North Korea. It is thought that the hackers generally do not launch their cyberattacks directly from North Korea, as the country lacks the IT infrastructure necessary to enable such an undertaking.

North Korean hackers have conducted numerous high-profile hacks of financial institutions and international businesses. The notorious Lazarus Group has successfully stolen millions from several cryptocurrency exchanges, unleashed the WannaCry ransomware on the web, and broken into Sony Pictures, leaking unreleased content and other private info. According to the U.S. Army memo, the group’s mission is to “create social chaos by weaponizing enemy network vulnerabilities and delivering a payload if directed to do so by the regime.” It’s also thought that the hackers use privacy coins to cover their tracks when converting funds into cash. This revelation highlights the need to continue developing methodology for tracing illicit money flows via privacy coins.

Why It Matters: DPRK uses ill-gotten cryptocurrency from these crimes to fund its nuclear weapons program and other military initiatives. Companies paying ransomware demands may be violating sanctions and helping to fund North Korea’s weapons of mass destruction program.

Read more in Cointelegraph here:

Read the U.S. Army Report “North Korean Tactics” here:

On August 27, the U.S. Justice Department filed an action against 280 virtual currency accounts related to North Korean hacking and money laundering. Read the action here:


Japan Seizes Coincheck Hack Proceeds in First Official Seizure of Cryptocurrency 

On August 19, the Tokyo District Court issued an order of seizure for a portion of misappropriated funds that were stolen from the Tokyo-based crypto exchange Coincheck.

In 2018, Coincheck was hacked and over $500 million in NEM (XEM) was stolen by the perpetrators of the attack. At the time, it was one of the biggest crypto hacks yet. However, since then, the value of XEM tokens has dropped by 93%. The original sum is now estimated to be worth around $39 million.

Reportedly, the court issued an order of seizure from Takayoshi Doi, an Obihiro City doctor. Doi is not suspected of being involved in the 2018 hack; however, he was charged for his purchase of XEM originating from the hack.

Why It Matters: This action marks the first time that a Japanese court has ordered the seizure of cryptocurrency. The funds in question amount to roughly 4.8 million yen ($45,000) in both XEM and Bitcoin. Doi is expected to keep the funds safe until an official verdict is handed down.

Read more in Decrypt here:


Justice Department Charges Airbit Founders with Cryptocurrency Mining Fraud

On August 18, the U.S. Department of Justice released an indictment charging the operators of AirBit with international fraud, money laundering, and defrauding individuals through a purported cryptocurrency company.

The five founders of AirBit Club, Pablo Rodriguez, Gutemberg Dos Santos, Scott Hughes, Cecilia Millan and Jackie Aguilar, had been running the company since the beginning of 2015. According to the Justice Department, Airbit was advertised as a cryptocurrency mining and trading company.

Victims interviewed about the scam have testified that they were under the impression that they had profited when viewing their accounts on the Airbit website; however, these profits were nonexistent in reality. Instead, the operators of Airbit were using those funds to pay for their extravagant lifestyles. The Justice Department alleges that the group is also involved in the laundering of at least $20 million of the proceeds from the scheme.

Why It Matters: Taking advantage of the general human desire to “get rich quick” through investment scams is as old as money itself. Cryptocurrency is frequently used in these types of schemes because of the buzz surrounding this new asset type, but the basic characteristics of cryptocurrency investment scams are generally no different than other types of investment fraud.

Read more in CFO here: