In the wake of the devastating ByBit exchange heist by suspected North Korean hackers, CoinDesk has published an article highlighting the problems that North Korea has in terms of laundering such large amounts of stolen crypto, and the alleged role being played by Chinese crypto-based money laundering services. (Link: https://lnkd.in/dVkn2Q_K).
Last year, Cloudburst Technologies published a report on this laundering activity (Link: https://lnkd.in/dSFEdVaT) that noted, "China appears to be the largest market for online crypto money laundering services, and many Chinese money laundering channels on Telegram have tens of thousands of subscribers." The report also explained how the laundering services are evading law enforcement by selling "stolen USDT across borders. For example, the USDT we steal from the United States will only be sold in China, and USDT is not protected by law in China!" To buttress their claims, services have posted videos on Telegram and other social media platforms that appear to show bags--and in some cases, pallets--of cash being loaded up and taken out of banks in China, including branches of China Merchants Bank, the Agricultural Bank of China, and China Construction Bank.
A cursory analysis of these services suggest that they almost certainly work with insider assistance at Chinese banks and government agencies, as well as in collaboration with suspected illicit gambling networks, hackers, and online extortionists. Commission rates for money mules typically range from 1.5% to 7.6% depending on the payment method, which is done via Alipay, WeChat Pay, bank transfers, or cash. USDT is overwhelmingly the preferred cryptocurrency medium, and there is a clear division between "white U" (i.e. seemingly clean and legitimate USDT) versus "black U" (i.e. stolen USDT with a tainted history and possible legal baggage). Messages posted by these Chinese laundering services reference "black U" being exchanged for "white U" at a ratio of 2:1, suggesting a form of mixing or layering. These services also appear to be highly organized with a defined hierarchical structure, including recruiters, team leaders, and customer service representatives. They can be readily accessed through multiple chat platforms. No wonder they are attractive cash-out targets for North Korean hackers...