Four United States government agencies collaborated in an investigation of North Korean hackers who targeted and stole over $250 million worth of various cryptocurrencies from two South Korean cryptocurrency exchanges in July 2019 and March 2020. A civil in rem forfeiture complaint filed on behalf of the United States on August 27th, 2020, seeks the forfeiture of 280 virtual currency accounts belonging to the hackers. Although the techniques used by the agencies to trace the stolen funds are impressive, the task of seizing the assets still remains and presents a unique problem.
Seizing the cryptocurrency wallets raises two issues. First, seizing cryptocurrency abroad requires clearing multiple legal hurdles. Second, the property belongs to a country with tense political relations with the United States. The government faces the problem of enforcing a forfeiture against an almost untouchable entity.
The Attack & Investigation
The American agencies relied on a report by the U.N. Security Council in suspecting North Korean hackers as the masterminds of the attack. North Korean hackers had previously attacked South Korean crypto exchanges to fund their regime’s weapons development program. With this information, the agencies used advanced tracing techniques to obtain and track the hackers’ transactions, wallet addresses, clusters on the blockchain, email and exchange accounts, and VPN addresses to confirm that North Korean hackers were indeed behind the attack.