New report sheds light on how North Korean hackers used Binance to launder stolen funds

Quick Take

  • A new report from Reuters states that Binance was used to process transactions totaling at least $2.35 billion in illicit funds, including crypto stolen by the North Korean Lazarus group.
  • Binance claims to be supporting police investigations and “proactively” sharing intelligence.

In September 2020, hackers from the North Korean Lazarus Group broke into Slovakian crypto exchange Eterbase and stole currency worth roughly $5.4 million. Using only encrypted email addresses, the hackers opened at least two dozen anonymous accounts on Binance and used them to “convert the stolen funds and obscure the money trail,” according to a new Reuters investigation.

According to the report, the interactions between the exchange and the well-known state-sponsored hacking group are part of a much larger picture of illicit activity. From 2017 to 2021, Binance was used to process transactions totaling at least $2.35 billion associated with hacks, investment frauds and illegal drug sales, Reuters said.

Lazarus Group, which was sanctioned by the US government in 2019 over cyberattacks designed to support North Korea’s weapons program, made headlines again in April when the US government drew a connection between its actions and nearly $600 million stolen from Axie Infinity's Ronin sidechain network. Blockchain analytics firm Chainalysis estimates that by 2020 Lazarus had stolen crypto worth $1.75 billion.

In response to Reuters’ investigation, Binance spokesperson Patrick Hillman claimed that accounts holding nearly $5.8 million used during the Ronin attack have been identified and frozen by Binance’s security team. 

“Many Binance team members were involved in the initial investigation,” a statement released by the company claimed. “We proactively share intelligence with law enforcement to map out North Korea’s modus operandi globally.”

Referring to the Eterbase attack, Binance stated that “we fully cooperated with requests received from Slovak authorities.” 

Binance strengthened its know-your-customer requirements in August 2021, and data from analytics firm Crystal Blockchain shows that flows of illicit funds have dropped significantly since then. However, with millions already stolen or used for illicit activity on Binance, it’s unclear what is being done to support victims of theft or fraud.

While consumers in many countries can call on banks to freeze or reimburse stolen funds, Binance explains on its website that law enforcement must be directly involved and victims must sign non-disclosure agreements as a condition for freezing assets.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.