Type to search

US Sanctions Trio in China Tied to North Korean Hackers, ICBMs

The US Treasury has imposed sanctions on two Chinese traders and a North Korean bank agent for laundering millions in crypto stolen by a notorious hacking group and used to pay for missiles

Two Chinese crypto traders and a North Korean bank official have been hit with US sanctions for allegedly funneling millions of dollars in cryptocurrency stolen by North Korean hackers.
Two Chinese crypto traders and a North Korean bank official have been hit with US sanctions for allegedly laundering millions of dollars in cryptocurrency stolen by North Korean hackers. Reuters file image.


The United States has imposed sanctions on three people in China, who it says laundered virtual currency – crypto – stolen by North Korean hackers.

The trio – crypto trader Wu Huihui, Hong Kong-based crypto trader Cheng Hung Man and Sim Hyon Sop, a representative of North Korea’s Korea Kwangson Banking Corp now in China’s Dandong, Liaoning province – are accused of helping to fund weapons programmes for Pyongyang.

A US Treasury statement said Wu Huihui facilitated the conversion of virtual currency (crypto) stolen by North Korea’s cybercriminal syndicate, the Lazarus Group, while Cheng Hung Man, is alleged to have worked with Wu to remit payments in exchange for the stolen crypto.

Also targeted was Sim Hyon Sop, an official who acts on behalf of Kwangson Banking Corp, an entity previously designated for sanctions by the United States.


North Korea Crypto Theft at Record High in 2022: UN Report


The latest move comes just over a week after the US linked North Korean hackers to the theft of hundreds of millions of dollars’ worth of crypto tied to the popular online game Axie Infinity.

The Ronin blockchain network, which lets users transfer crypto in and out of the game, said digital funds worth almost $615 million was stolen on March 23 and the US Treasury later identified a digital currency address used by the hackers as being controlled by the North Korean hacking group known as “Lazarus.”

The latest Treasury statement says Wu processed multiple transactions that converted millions of dollars worth of virtual currency.

Cheng, it said, was a Hong Kong-based over-the-counter trader who worked with Wu “to remit payment to companies in exchange for virtual currency. Cheng utilized front companies to enable DPRK (the Democratic People’s Republic of Korea – ie, North Korean) actors to bypass countering illicit finance requirements at financial institutions and access the US financial system,” it alleged.


North Korean agents in China

The US government’s Financial Crimes Enforcement Network (FinCEN) says North Korea uses a network of financial representatives, mostly in China, who operate as agents for North Korean financial institutions.

They “orchestrate schemes, set up shell companies, and manage surreptitious bank accounts to move and disguise illicit funds” and pay for North Korea’s weapons of mass destruction and ballistic missile programmes.

Sim, the Treasury statement said, “has coordinated millions of dollars in financial transfers for the DPRK” (North Korea).

The US sanctions aims to freeze any US assets of three individuals, which may not necessarily amount to much, but it also makes any people who do business with them liable to US sanctions.


Cyber theft, arms deals

The US says the Lazarus group is controlled by the Reconnaissance General Bureau (RGB), North Korea’s main intelligence bureau and the entity responsible for the country’s malicious cyber activities, plus the country’s arms trades.

US Treasury Under Secretary for Terrorism and Financial Intelligence Brian Nelson said North Korea “continues to exploit virtual currency and extensive illicit facilitation networks to access the international financial system and generate revenue.”

Nelson said Washington was committed to holding accountable those who enable North Korea’s “destabilizing activities, especially in light of the three intercontinental ballistic missiles Pyongyang has launched this year alone.”

Years of US-led sanctions have failed to halt North Korea’s nuclear bomb and missile programmes. The latest Treasury action was announced before a visit to the United States this week by South Korean President Yoon Suk Yeol.

A February report by US-based blockchain analytics firm Chainalysis said North Korea-linked hackers such as those in the Lazarus Group stole an estimated $1.7 billion in cryptocurrency heists attacks last year.


  • Reuters with additional reporting and editing by Jim Pollard




Yoon Warns Seoul May Need to Get Nuclear Weapons Back – NYT


US Slams ‘Reckless’ North Korean Missile That Caused Japan Alert


Crypto Crash Hits Proceeds of North Korean Hacker Heists


N Korea Hackers Prime Suspects in $100m Harmony Crypto Heist


Pyongyang Trying to Place Hackers in Foreign Firms, Says US


Jim Pollard

Jim Pollard is an Australian journalist based in Thailand since 1999. He worked for News Ltd papers in Sydney, Perth, London and Melbourne before travelling through SE Asia in the late 90s. He was a senior editor at The Nation for 17+ years.


AF China Bond