I’m thrilled to sit down with Rupert Marais, our in-house security specialist with extensive expertise in endpoint and device security, cybersecurity strategies, and network management. Today, we’re diving into a high-profile case involving the alleged theft of over $1 million in cryptocurrency from a New York company by IT specialists reportedly linked to North Korea. In this conversation, we’ll explore the intricate details of how the theft unfolded, the methods used to obscure the stolen funds, the backgrounds of the individuals involved, and the broader implications for cybersecurity in the crypto space. Let’s get started.
How did this alleged cryptocurrency theft from a New York company come to light, and what was the scale of the loss?
Thanks for having me. This case is a stark reminder of the vulnerabilities in the crypto industry. The New York company discovered in August 2024 that around $1.35 million worth of its crypto assets had been siphoned off. It wasn’t an overnight realization; the theft had been going on for some time before they noticed the discrepancy in their accounts. It’s a significant loss, especially for a company working on cryptocurrency wallet schemes, where trust and security are everything.
Can you walk us through the individuals implicated in this theft and how they managed to infiltrate the company?
Absolutely. The key figure here is a man known as Bong Chee Shen, though that’s not his real name. He was hired by the company in December 2022 and quickly recommended two other developers to join him. These individuals used fake identities, presenting fraudulent documents to secure their positions. Shen, for instance, used a forged Malaysian ID, while the others posed as individuals from Michigan and Malaysia under aliases like Joshua Charles Palmer and Chris Yu. What’s alarming is how they slipped through the hiring process, likely exploiting gaps in background checks.
What can you tell us about the specific tactics used to steal the cryptocurrency, based on the investigation findings?
The FBI’s investigation revealed a sophisticated approach. Shen allegedly engineered a vulnerability in the company’s cryptocurrency wallet, which allowed him to drain Tether tokens—a stablecoin pegged to the US dollar. Essentially, he created a backdoor that gave him unauthorized access to the funds. It’s a classic insider threat scenario, where someone with legitimate access exploits it for malicious gain. This kind of attack is incredibly hard to detect until the damage is done.
How did the perpetrators attempt to cover their tracks after stealing the funds?
After the theft, Shen reportedly engaged in a complex money laundering scheme. He moved the stolen funds through multiple blockchains over a three-month period, with the final transaction occurring in November 2024. This process, often called “chain hopping,” is designed to obscure the trail of the money, making it difficult to trace the final destination. It’s a common tactic in crypto thefts, as blockchain transactions, while transparent, can be muddled with enough layering.
What actions has the US government taken to recover the stolen assets for the affected company?
The US Department of Justice and the FBI have been proactive in this case. On April 17, 2024, armed with a warrant, the FBI instructed Tether Limited to seize the stolen funds, which were then transferred to US-controlled wallets by July 17. Currently, they hold over 1 million Tether tokens, valued at approximately $1,008,564. The DOJ is now working through a forfeiture process to return these funds to the company, which is a critical step in providing some relief to the victim.
This isn’t the first time the main individual has been linked to such crimes. Can you shed light on his history of alleged thefts?
Indeed, the man behind the alias Bong Chee Shen, whose real name is believed to be Chang Nam Il, has a troubling track record. He’s been tied to thefts from a blockchain research company in Atlanta, where he allegedly stole over $700,000 by manipulating smart contracts, and another incident in Serbia involving around $200,000 in cryptocurrency. He’s used multiple aliases, like Peter Xiao, and often gets hired through recommendations from other planted individuals. The FBI connected his fake identities through traces like Know Your Customer checks on virtual currency platforms, which is a testament to persistent investigative work.
What broader lessons can companies in the cryptocurrency space learn from this incident to protect themselves from insider threats?
This case underscores the importance of robust hiring processes and continuous monitoring. Companies need to go beyond surface-level background checks, especially in industries handling high-value digital assets like cryptocurrency. Implementing strict access controls, regularly auditing code and systems, and fostering a culture of transparency can help. Also, training staff to recognize red flags—such as consistent communication issues or odd behavior during virtual meetings—can be a game-changer. Insider threats are often the hardest to detect, so prevention must be multi-layered.
Looking ahead, what is your forecast for the evolution of cybersecurity threats in the cryptocurrency industry?
I expect these threats to become even more sophisticated. As cryptocurrency adoption grows, so does the incentive for bad actors to target this space. We’ll likely see more insider schemes, advanced social engineering, and exploitation of emerging technologies. The connection to state-sponsored activities, as alleged in this case with North Korea, adds another layer of complexity. Companies will need to invest heavily in adaptive security measures, real-time threat detection, and international cooperation to stay ahead. It’s a cat-and-mouse game, and unfortunately, the stakes are incredibly high.
