While Yinyin’s and Jiadong’s involvement goes as far back as 2017, the DOJ’s announcement puts emphasis on a massive hack that occurred in 2018. Pyongyang hackers apparently stole $250 million from a virtual currency exchange that year and then had the funds laundered through hundreds of automated cryptocurrency transactions. They evaded being caught by using doctored photographs and false IDs. DOJ says North Korea used a portion of the funds to pay for infrastructure used in its hacking campaigns, though UN investigators also previously said that the country uses the funds it steals for its nuclear weapons program.

According to The Wall Street Journal, American officials have long suspected that Chinese actors are helping Pyongyang’s hacking efforts. However this is the first known example of the US government indicting Chinese nationals for aiding North Korea’s cyber operations. In addition to charging the accused, the US attorney’s office in Washington filed a civil action to seize the assets it believes are held in 113 virtual currency accounts. The US Treasury Department also imposed sanctions on Yinyin and Jiadong, as well as on the numerous cryptocurrency addresses they used to launder money for North Korea.

On top of this, Griffith supposedly planned to streamline Ethereum exchanges between North and South Korea while knowing this would violate US sanctions. He apparently called on other Americans to visit North Korea (including for the crypto conference) and signaled plans to renounce his US citizenship while buying citizenship elsewhere.

Griffith is charged with violating the International Emergency Economic Powers Act and, if convicted, could face up to 20 years in prison.

Whether or not the allegations hold up, it doesn’t look good for Griffith. There have been multiple reports of North Korea stealing billions in cryptocurrency and conventional money to help fund its nuclear program — Griffith couldn’t feign innocence about what the country might want from him. And with an explicit warning to avoid going, he was in trouble regardless of what he said.

South Korea appears to be the hardest hit country, suffering at least 10 attacks. India was the victim of three attacks, with Bangladesh and Chile the victim of two each. Meanwhile, Costa Rica, Gambia, Guatemala, Kuwait, Liberia, Malaysia, Malta, Nigeria, Poland, Slovenia, South Africa, Tunisia and Vietnam suffered one attack each.

The attacks were undertaken in three main ways: through the SWIFT system used to transfer money between banks; directly through exchanges and users to steal cryptocurrency; and by “cryptojacking” computers by infecting them with malware to use its resources to generate cryptocurrency.

In one unnamed country, for example, hackers managed to access the infrastructure managing its entire ATM system and installed malware modifying the way transactions are processed. In another country, stolen funds were “transferred through at least 5,000 separate transactions and further routed to multiple countries before eventual conversion” to a currency that a government has declared legal money, therefore making it extremely difficult to track the funds.

Meanwhile, South Korea’s cryptocurrency exchange, Bithumb, has been targeted at least four times. Two attacks in 2017 resulted in losses of around $7 million each, while a further two, in June 2018 and March 2019, lead to the loss of $31 million and $20 million respectively.

According to the report, many of these attacks are undertaken by actors operating under the direction of the Reconnaissance General Bureau — the General Bureau is North Korea’s military intelligence agency. The UN says that the attacks, which are “low risk and high yield” and often require little more than a laptop and internet access, are being investigated as attempts to violate UN sanctions.

It’s well-established that Koryolink enables spying on users, although the new details suggest the system is more elaborate than previously thought. While it’s known that the network is highly restrictive for locals (who can’t make international calls or reach the internet) and loosened for visitors (barred from local calls and the state intranet), the government elite use domestically-made encryption to ensure their conversations can’t be monitored. Huawei was asked to test how well the encryption worked, while Panda provided supporting software.

Everyone else, meanwhile, is subject to potential eavesdropping through Huawei-supported interception gateways that let law enforcement intercept calls, texts, data and even faxes. The surveillance system was initially due to cover up to 2,500 targets, but was slated to scale up to 5,000 targets. It’s unclear how large the system is now, although North Korea has since deepened its control to block unapproved apps and take random screenshots to record users’ activity.

Huawei told the Post that it “has no business presence” in North Korea, although the emphasis was clearly on the present tense. The spokesman wouldn’t say whether Huawei had previously done business in the country, and wouldn’t confirm or deny the legitimacy of the documents detailing the North Korean connection. Huawei no longer maintains Koryolink, which has largely been dwarfed by the ZTE-supported Kang Song network.

The concern isn’t just that Huawei was supporting a oppressive dictatorship, but that it may have flaunted laws and sanctions while doing so. Experts believe that Huawei’s 3G gear for Koryolink used at least some US components. As Panda was banned from receiving US-origin equipment in 2014, Huawei may have violated the American export ban if any of its gear included at least 10 percent American content. The tech giant was apparently determined to keep its North Korean work quiet, having codenamed the country “A9” (Iran and Syria received similar codenames) to avoid obviously damning evidence.

The US Commerce Department has declined to comment. Privately, though, one State Department official told the Post that the documents backed a “general concern” that Huawei couldn’t be trusted due to its apparent eagerness to avoid and break the law. The company is already facing US charges for allegedly stealing trade secrets and violating sanctions. It’s unclear how the revelations might change things, if at all, but they certainly won’t help Huawei’s claims of innocence. If anything, they may reinforce the efforts of some US politicians to maintain sanctions no matter what the President wants.