Us Scrambles To Recoup $1m+ Nicked By Norks

The US Department of Justice is trying to recoup around $1 million that three IT specialists secretly working for the North Korean government allegedly stole from a New York company.

Bong Chee Shen was first in the door, as the unnamed company hired him in December 2022. He then recommended two other devs to join him to work on the company’s cryptocurrency wallet scheme. 

All three were fired in May 2024 for poor work performance and difficulties communicating with coworkers. The trio would also regularly claim that their microphones weren’t working while on video calls.

In August of the same year, the company realized approximately $1.35 million worth of its crypto assets had been drained. 

The FBI investigated the apparent theft and found Shen, who used a fraudulent Malaysian ID to secure employment at the company, had allegedly engineered a vulnerability in the company’s wallet which let him steal Tether tokens.

After he stole the funds, according to the US, Shen engaged in a multi-layered laundering scheme, passing the funds through different blockchains to obfuscate the final receiver. This all took place over the course of three months, with the final laundering transaction taking place in November.

Armed with a warrant, on April 17, the FBI instructed Tether Limited to seize the stolen funds and return them to US-controlled wallets, which it did on July 17.

The FBI is still in possession of the stolen funds, and the DOJ is now seeking to recover this for the raided company.

Since Tether is a stablecoin that’s pegged to the value of the US dollar, the 1008902.606307 Tether tokens currently under the FBI’s watch are worth $1,008,564.72, the DOJ said in its complaint for forfeiture [PDF].

The three hackmigos

The alleged attack on the New York-based company was not Shen’s first. His real name, Chang Nam Il, is one of four that appear on a recent FBI wanted poster, and he sometimes uses the alias Peter Xiao. He is wanted for separate thefts affecting a blockchain research and development company in Atlanta, and a company in Serbia.

Chang Nam Il aka Bong Chee Shen’s ID card – Click to enlarge

Chang allegedly used his access at the Atlanta company to transfer more than $700,000 to a wallet he controlled by altering two smart contracts.

The FBI later traced Chang’s fake Malaysian identity card (Shen) to a Know Your Customer information check at a virtual currency site where he registered the wallet.

He also gained employment at a Serbian virtual currency company off a recommendation from a pre-implanted North Korean IT worker, this time under the guise of Peter Xiao.

In this role, he allegedly helped steal and launder around $200,000 worth of cryptocurrency.

The US Rewards for Justice program is offering $5 million for information that leads to the disruption of the mechanisms that are used by North Koreans to generate money for their homeland.

Western powers consistently assert that the widely-reported North Korean IT worker schemes, which often use US infrastructure or laptop farms, are used to generate capital for North Korea’s military.

As for the other two men allegedly involved in the New York company raid, they went by the names Joshua Charles Palmer and Chris Yu, ostensibly from Michigan and Malaysia, respectively. 

ID card for North Korean IT worker alias Joshua Charles Palmer – Click to enlarge

Palmer presented the company with a Michigan identity card that the state’s DMV confirmed was issued on April 7, 2022. 

The DMV issued the card to a Joshua Charles Palmer with the same serial number as the one used by the North Korean imposter. However, the image held by the DMV “bears no resemblance” to the North Korean, court documents stated.

ID card for North Korean IT worker alias Chris Yu – Click to enlarge

Similarly, Yu presented the company with an image of a fake Malaysian identity document, claiming he was born in Kuala Lumpur in 1992, but according to the FBI’s information, this identity is associated with North Korean IT workers.®

Original Source