Home Fraud & Scams

US Treasury Department Ties Lazarus Attacks To Two Chinese Nationals

In a ‘Specially Designated Nationals List Update​’, published online via it’s resource centre on March 2, 2019, the Office of Foreign Assets Control (a division of the U.S. Department of the Treasury) revealed that two new individuals had been added to its so-called ‘SDN’ list.

This update specifically refers to two Chinese nationals residing in China, linking them and 20 different Bitcoin addresses to recent attacks against cryptocurrency exchanges believed to have occurred as part of the infamous Lazarus Group.

The identities of Li, Jiadong (Chinese Simplified: 李家东 – known by the following screen names: “blackjack1987” and “khaleesi”) and TIAN, Yinyin (Chinese Simplified: 田寅寅 – using the aliases: “snowsjohn” and “tianyinyin0404”) have been linked to North Korean phone numbers and have been assigned special numbers by the U.S. government, identifying them as suspicious individuals.

2009: Operation Troy
2013: South Korea Cyber attack
(late) 2014: Sony breach
Early 2016 Investigation: Operation Blockbuster
Mid 2017: WannaCry Attack
2017: Cryptocurrency Attacks
September 2019: Crypto and Telegram Attacks

Wikipedia (Timeline of Lazarus Group Attacks)

Attacks carried out by the Lazarus Group (organisation of illegal hackers) have predominantly been linked to North Korea.

Although the true origin of these attacks is unknown, this recent publication suggests that the organisation could be made up of either Chinese actors exclusively – or an internationally distributed network of like-minded individuals.

​”As part of its enforcement efforts, OFAC publishes a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific.

“Collectively, such individuals and companies are called ‘Specially Designated Nationals’ or ‘SDNs.’ Their assets are blocked and U.S. persons are generally prohibited from dealing with them.”

Office of Foreign Assets Control (on Specially Designated Nationals ‘SDN’ List’)

The Office of Foreign Assets Control is a department of the U.S. Department of the Treasury. It’s role is to implement and enforce international sanctions imposed by the country and “acts under Presidential national emergency powers, as well as authority granted by specific legislation, to impose controls on transactions and freeze assets under US jurisdiction”.

On March 3, 2020 the U.S. Department of the Treasury brought together various so-called industry and thought leaders from within the cryptocurrency space, and met them to discuss policy and developments.

Back in February 12, 2020 the Treasury’s secretary Steven Mnuchin delivered a warning that FinCEN (the country’s financial crimes watchdog) was preparing ‘significant’ new rules and regulations pertaining to cryptocurrency.


#1: LI, Jiadong (Chinese Simplified: 李家东) (a.k.a. “blackjack1987”; a.k.a. “khaleesi”)

Location: Anshan, Liaoning, China (Chinese Simplified: 鞍山, 辽宁, China)
Date of Birth: January 1, 1987.
Gender: Male

Linked to 12 addresses (XBT) associated with Lazarus Group
Digital Currency Address – XBT 1EfMVkxQQuZfBdocpJu6RUsCJvenQWbQyE
alt. Digital Currency Address – XBT 17UVSMegvrzfobKC82dHXpZLtLcqzW9stF
alt. Digital Currency Address – XBT 39eboeqYNFe2VoLC3mUGx4dh6GNhLB3D2q
alt. Digital Currency Address – XBT 39fhoB2DohisGBbHvvfmkdPdShT75CNHdX
alt. Digital Currency Address – XBT 3E6rY4dSCDW6y2bzJNwrjvTtdmMQjB6yeh
alt. Digital Currency Address – XBT 3EeR8FbcPbkcGj77D6ttneJxmsr3Nu7KGV
alt. Digital Currency Address – XBT 3HQRveQzPifZorZLDXHernc5zjoZax8U9f
alt. Digital Currency Address – XBT 3JXKQ81JzBqVbB8VHdV9Jtd7auWokkdPgY
alt. Digital Currency Address – XBT 3KHfXU24Bt3YD5Ef4J7uNp2buCuhrxfGen
alt. Digital Currency Address – XBT 3LbDu1rUXHNyiz4i8eb3KwkSSBMf7C583D
alt. Digital Currency Address – XBT 3MN8nYo1tt5hLxMwMbxDkXWd7Xu522hb9P
alt. Digital Currency Address – XBT 3N6WeZ6i34taX8Ditser6LKWBcXmt2XXL4

Secondary sanctions risk:
North Korea Sanctions Regulations: sections 510.201 and 510.210
Phone Number: 8613314257947
alt. Phone Number: 8618004121000
Identification Number: 210302198701102136 (China) (individual) [DPRK3] [CYBER2] (Linked To: LAZARUS GROUP).


#2: TIAN, Yinyin (Chinese Simplified: 田寅寅) (a.k.a. “snowsjohn”; a.k.a. “tianyinyin0404”)

Location: Nanjing, Jiangsu, China (Chinese Simplified: 南京, 江苏, China)
Date of Birth: July 12, 1986
Nationality: China
Email Address: 417136259@qq.com

Linked to 8 addresses (XBT) associated with Lazarus Group + Attacks
Digital Currency Address – XBT 134r8iHv69xdT6p5qVKTsHrcUEuBVZAYak
alt. Digital Currency Address – XBT 15YK647qtoZQDzNrvY6HJL6QwXduLHfT28
alt. Digital Currency Address – XBT 1PfwHNxUnkpfkK9MKjMqzR3Xq3KCtq9u17
alt. Digital Currency Address – XBT 14kqryJUxM3a7aEi117KX9hoLUw592WsMR
alt. Digital Currency Address – XBT 1F2Gdug9ib9NQMhKMGGJczzMk5SuENoqrp
alt. Digital Currency Address – XBT 3F2sZ4jbhvDKQdGbHYPC6ZxFXEau2m5Lqj
alt. Digital Currency Address – XBT 1AXUTu9y3H8w4wYx4BjyFWgRhZKDhmcMrn
alt. Digital Currency Address – XBT 1Hn9ErTCPRP6j5UDBeuXPGuq5RtRjFJxJQ

Secondary sanctions risk:
North Korea Sanctions Regulations: sections 510.201 and 510.210
Phone Number: 8613621583465
Identification Number: 321284198607120616 (China) (individual) [DPRK3] [CYBER2] (Linked To: LAZARUS GROUP).