Case Sheds Light on Latest Methods to Evade Detection: “Peeling” Chains
On March 2, the U.S. government sanctioned and indicted two Chinese nationals for helping North Korea launder nearly $100 million in stolen cryptocurrency. The indictment, filed in the District of Columbia, charges the defendants with conspiring to commit money laundering transactions designed to both “promote” and “conceal” the underlying crimes of wire fraud (the theft of the cryptocurrency via hacking) and operating as an unlicensed money transmitter — the latter of which is also charged in the indictment as an additional count.
According to the related and detailed civil forfeiture complaint, these funds were only a portion of those stolen in 2018 from a South Korean exchange by state-sponsored hackers working for North Korea. These actions, notable in several respects, provide a glimpse at the latest methods of laundering cryptocurrency.
Anyone attempting to launder illicit cryptocurrency faces at least two big challenges. First, due to rigid know-your-customer rules, one cannot simply deposit large amounts of funds at an exchange without raising red flags. Second, because all cryptocurrency transactions are recorded on a blockchain, they can be traced.
To clear these hurdles, the complaint alleges that North Korean hackers used “peeling chains.” In a peeling chain, a single address begins with a relatively large amount of cryptocurrency. A smaller amount is then “peeled” off this larger amount, creating a transaction in which a small amount is transferred to one address, and the remainder is transferred to a one-time change address. This process is repeated – potentially hundreds or thousands of times – until the larger amount is pared down, at which point the amount remaining in the address might be aggregated with other such addresses to again yield a large amount in a single address, and the peeling process goes on.
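Because every hop is recorded on the blockchain, the pattern described above can be followed mechanically. The sketch below is an added example, not taken from the complaint: it walks a peeling chain over a constructed ledger, and its simplified transaction model (one sending address per transaction, no fees), the 20% peel threshold and all names are assumptions.

```python
from collections import Counter, defaultdict, namedtuple

# Simplified model (assumption): one sending address per transaction, fees ignored.
Tx = namedtuple("Tx", "txid sender outputs")   # outputs: [(address, amount), ...]
Hop = namedtuple("Hop", "txid peel_addr peel_amt change_addr change_amt")

# Constructed sample ledger; addresses and amounts are made up.
LEDGER = [
    Tx("t1", "A0", [("X1", 5), ("A1", 95)]),
    Tx("t2", "A1", [("X2", 4), ("A2", 91)]),
    Tx("t3", "A2", [("A3", 88), ("X3", 3)]),   # output order must not matter
    Tx("t4", "A3", [("M1", 40), ("M2", 48)]),  # near-even split, not a peel
    Tx("t5", "B0", [("Y1", 1), ("B1", 9)]),    # unrelated one-hop chain
]

def trace_peel_chain(ledger, start, max_peel_ratio=0.2):
    """Follow the change output from `start` while each hop looks like a peel."""
    spends = defaultdict(list)
    received = Counter()
    for tx in ledger:
        spends[tx.sender].append(tx)
        received.update(addr for addr, _ in tx.outputs)

    hops, current, seen = [], start, {start}
    while True:
        txs = spends.get(current, [])
        if len(txs) != 1 or len(txs[0].outputs) != 2:
            break                               # not a single two-output spend
        tx = txs[0]
        (peel_addr, peel_amt), (chg_addr, chg_amt) = sorted(tx.outputs, key=lambda o: o[1])
        if peel_amt > max_peel_ratio * (peel_amt + chg_amt):
            break                               # split too even to be a peel
        if received[chg_addr] != 1 or chg_addr in seen:
            break                               # change address is not one-time
        hops.append(Hop(tx.txid, peel_addr, peel_amt, chg_addr, chg_amt))
        seen.add(chg_addr)
        current = chg_addr
    return hops

def peeled_destinations(hops):
    """Addresses that received the peeled-off amounts, for follow-up review."""
    return {h.peel_addr: h.peel_amt for h in hops}

if __name__ == "__main__":
    for hop in trace_peel_chain(LEDGER, "A0"):
        print(hop)
```

The trace stops at the first hop that no longer fits the pattern, which in the sample is the near-even split from `A3`; in practice that is where aggregation with other addresses would be examined.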