An investigation has uncovered that Binance, the world’s largest cryptocurrency exchange, was implicated in laundering approximately 1 trillion KRW (approximately 700 million USD) of cryptocurrency stolen by North Korean hacking groups.
The International Consortium of Investigative Journalists (ICIJ) revealed in its Coin Laundry investigative report on Monday that it had traced approximately 900 million USD of stolen Ethereum (ETH) flowing into Binance accounts.
The ICIJ investigation found that North Korean hackers employed sophisticated methods to launder the funds. Rather than immediately cashing out the Ethereum stolen from the 1.5 billion USD Bybit exchange hack in February, they took a more circuitous route.
The hackers demonstrated meticulous planning by first converting the stolen Ethereum into Bitcoin (BTC) using decentralized exchange services such as THORChain, which are harder to trace. They then dispersed the funds across multiple Binance accounts.
The ICIJ exposed that Binance, OKX, and Coinbase, among other major exchanges, serve as key money-laundering channels not only for North Korean hackers but also for multiple criminal organizations, including Mexico’s Sinaloa Cartel, Chinese crime syndicates involved in human trafficking, and Russian ransomware groups.
Notably, Binance continued to process hundreds of millions of dollars linked to criminal organizations even while under court supervision. This occurred despite the exchange admitting to violations of anti-money-laundering laws and paying substantial fines to the U.S. Department of Justice in November 2023, sparking controversy.
Gerard Ryle, the ICIJ director, criticized this trend, saying that while offshore tax havens once showed how hidden money moves, now those same forces are exploiting the cryptocurrency market to transfer illegal funds openly.
The Coin Laundry investigative project involved more than 100 journalists from 35 countries, highlighting the global scale of the issue.
