Binance aided US authorities in freezing $4.4M associated with DPRK cybercrime groups

By: Mark Jessy

Binance aided US authorities in freezing $4.4M associated with DPRK cybercrime groups

May 25, 2023 6:17 AM

To comply with the "lawfully served warrants," Binance took action to flag the accounts and freeze the cash.

Binance has stated that it "assisted American law enforcement" in seizing $4.4 million in crypto assets linked to North Korean criminal organizations.

On May 25, Binance tweeted that it has collaborated with U.S. law enforcement through its Binance Investigations team to thwart the "illicit revenue generation activities" of four North Korean businesses that were later designated as sanctions targets.

"Ultimately, we took swift measures regarding accounts linked to these persons over a year ago, complying with lawfully issued warrants and in cooperation with law enforcement," the firm said.


Binance said that they are "continuously monitoring their platform for nefarious nation-state actors and working with law enforcement" when asked whether there were any future plans for additional collaboration between the two parties.

On May 23, the Office of Foreign Assets Control, or OFAC, of the United States Department of the Treasury released a statement→ saying that it has sanctioned four businesses and one individual for "malicious cyber activities that support the Democratic People's Republic of Korea (DPRK) Government."

The four organizations are the Technical Reconnaissance Bureau, the 110th Research Center, the Chinyong Information Technology Cooperation Company, and the Pyongyang University of Automation.

According to the Treasury, Chinyong has a "workforce of thousands of highly skilled IT workers around the world" tasked with generating "revenue that contributes to its unlawful WMD and ballistic missile programs."

These individuals use forged or stolen identities to seek outside IT employment, particularly IT and crypto-related positions and then launder the money through cryptocurrency exchanges back to the DPRK.

Kim Sang Man (Kim) is also sanctioned by OFAC for "presumed involvement in the payment of salaries to family members of Chinyong's overseas DPRK worker delegations" and receiving $2 million in cryptocurrency for distributing IT equipment to DPRK-affiliated groups in China as well as Russia.

The Technical Reconnaissance Bureau, according to the Treasury Department, "leads the DPRK's development of offensive cyber methods and instruments and runs multiple divisions, which include those connected with the Lazarus Group."

In recent years, the Lazarus Group has invaded various crypto/blockchain projects. It is suspected of carrying out the $620 million hack on Axie Infinity's Ronin Bridge in March 2022.


Binance CEO Changpeng Zhao recently announced in late April that the company has recovered $5.8 million from the Lazarus Group after noticing part of the ill-gotten gains flowing across the market.