Yinyin Tian

🔴 High Risk

The case of Yinyin Tian highlights a highly sophisticated cryptocurrency laundering operation linked to the cyber thefts of the North Korean state-sponsored Lazarus Group. Operating primarily within China, Tian exploited weaknesses in the cryptocurrency ecosystem and banking networks through complex laundering techniques such as peel chains, conversion of stolen digital assets into prepaid gift cards, and use of unregistered cryptocurrency trading platforms. Despite efforts to mask the illicit flow of over $100 million through hundreds of transactions, law enforcement agencies were able to meticulously trace and expose the scheme. This case underscores the significant challenges that regulatory and enforcement bodies face in combating cross-border money laundering fueled by emerging technologies and by the complicity or vulnerabilities of certain financial and cryptocurrency exchanges. Tian’s laundering activities not only illuminate the nexus between cybercrime and digital money laundering but also emphasize China’s critical role as a geographic hub in these illicit financial flows, highlighting the ongoing need for heightened international cooperation and stricter oversight within China’s financial and crypto sectors to disrupt such illegal operations effectively.

Yinyin Tian is a Chinese national charged with laundering over $100 million in cryptocurrency stolen by Lazarus Group, a North Korean state-sponsored hacking organization. The laundering scheme unfolded mainly through operations in China, where Tian and his accomplice Li Jiadong operated an unregistered cryptocurrency trading enterprise to convert stolen digital assets into fiat currency. They utilized sophisticated layering, peel chains, and alternative transactional methods, including converting Bitcoin into iTunes gift cards, to mask the illicit origins of funds. A substantial portion of laundered money was funneled into Chinese bank accounts, making China a significant hub for laundering activities tied to this case. U.S. authorities have imposed sanctions, initiated asset seizure, and pursued criminal charges, emphasizing the critical role of China-based financial networks in facilitating these illegal operations and underlining the challenges in curbing cryptocurrency laundering linked to state-backed cybercrime groups.

Countries Involved

China, United States, North Korea (via Lazarus Group)

Discovered and reported primarily in 2020 with sanctions and charges announced in March 2020, following the 2018 hack.

Bitcoin (BTC), other cryptocurrencies

Cryptocurrency theft and money laundering linked to state-sponsored cybercrime activities.

Yinyin Tian and Li Jiadong (Chinese nationals), Lazarus Group (North Korea), multiple cryptocurrency exchange platforms, Chinese banks.

No direct involvement of Politically Exposed Persons (PEPs) has been recorded.

Yinyin Tian and Li Jiadong operated an unlicensed cryptocurrency trading operation that converted stolen cryptocurrency to fiat currency. They used complex layering techniques such as chain hopping, peel chains, and P2P trading platforms, and disguised the illicit origin of the funds by moving them through hundreds of transactions and hundreds of cryptocurrency addresses. Furthermore, Tian converted significant amounts of Bitcoin into prepaid Apple iTunes gift cards, which can be used to purchase additional Bitcoin, aiding in obfuscation. They conducted thousands of deposits into Chinese bank accounts linked to the criminal proceeds, effectively blending illicit funds with legitimate financial systems in China. These laundering activities were aimed specifically at obscuring the origin and movement of over $100 million stolen in the 2018 hack of a cryptocurrency exchange targeted by Lazarus Group.

More than $100 million worth of stolen cryptocurrency.

Detailed forensic analysis through blockchain tracer tools revealed extensive movement of stolen funds across 146 cryptocurrency addresses controlled by Tian and Li. Multiple transactions layered and peeled funds, moving them among various exchange wallets and bank accounts primarily in China. The flow of funds showed sophisticated methods to avoid detection and evade sanctions, leveraging weak compliance mechanisms of some cryptocurrency exchanges and banks operating in China.
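The peel-chain tracing described above, as an added example that is not taken from the case filings or from any tracing tool: it follows the large remainder output of each two-output transaction and records the small "peeled" payments along the way. The transaction table, address names, and the 20% peel threshold are constructed assumptions, and each address is assumed to be spent once by a single-input transaction.

```python
# Constructed sample data (not real addresses or amounts):
# txid -> (spending address, [(output address, amount in satoshis), ...])
SAMPLE_TXS = {
    "tx1": ("addr_src", [("addr_c1", 95_000), ("exch_dep_A", 5_000)]),
    "tx2": ("addr_c1", [("addr_c2", 91_000), ("exch_dep_B", 4_000)]),
    "tx3": ("addr_c2", [("exch_dep_C", 3_500), ("addr_c3", 87_500)]),
    # Roughly even split: does not look like a peel, so the trace stops here.
    "tx4": ("addr_c3", [("addr_x", 40_000), ("addr_y", 47_500)]),
}


def trace_peel_chain(txs, start_addr, max_peel_ratio=0.2, max_hops=1000):
    """Follow a peel chain starting at start_addr.

    A hop counts as a peel when the spending transaction has exactly two
    outputs and the smaller one is at most max_peel_ratio of the total.
    Returns (hops, last_addr); each hop is
    (txid, peeled_to, peeled_amount, remainder_addr).
    """
    # Index transactions by the address they spend from (assumed unique).
    spends = {src: (txid, outs) for txid, (src, outs) in txs.items()}
    hops, addr, seen = [], start_addr, set()
    while addr in spends and addr not in seen and len(hops) < max_hops:
        seen.add(addr)  # guard against address reuse forming a loop
        txid, outs = spends[addr]
        if len(outs) != 2:
            break
        (small_addr, small), (big_addr, big) = sorted(outs, key=lambda o: o[1])
        total = small + big
        if total == 0 or small / total > max_peel_ratio:
            break
        hops.append((txid, small_addr, small, big_addr))
        addr = big_addr  # keep following the remainder
    return hops, addr


def peel_summary(hops):
    """Total peeled amount per destination address (e.g. deposit addresses)."""
    totals = {}
    for _txid, dest, amount, _rem in hops:
        totals[dest] = totals.get(dest, 0) + amount
    return totals


if __name__ == "__main__":
    chain, last = trace_peel_chain(SAMPLE_TXS, "addr_src")
    print(f"{len(chain)} peel hops, remainder sits at {last}")
    print(peel_summary(chain))
```

The destinations collected by `peel_summary` are the points where funds leave the chain, which is where an analyst would look for exchange deposit addresses or compare against designated-address lists.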

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned both Tian and Li under Executive Orders aimed at combating malicious cyber activities supporting North Korea. The DOJ filed a civil forfeiture complaint seeking seizure of funds connected to the laundering. U.S. authorities blacklisted the suspects and designated multiple cryptocurrency addresses, barring U.S. persons from transacting with them. Coordination between OFAC, DOJ, IRS Criminal Investigation Division, and other enforcement agencies led to global efforts to disrupt these laundering operations. These actions reflect serious international enforcement against illicit finance in the cryptocurrency space flowing through Chinese financial networks.

Yinyin Tian
Case Title / Operation Name: Lazarus Group Cryptocurrency Laundering Case involving Yinyin Tian
Country(s) Involved: China, United States
Platform / Exchange Used: Various P2P platforms, Chinese banks, and cryptocurrency exchanges (specific exchanges undisclosed)
Cryptocurrency Involved: Bitcoin (BTC), other cryptocurrencies
Volume Laundered (USD est.): Over $100 million
Wallet Addresses / TxIDs: 146 cryptocurrency addresses sanctioned in OFAC lists and DOJ filings
Method of Laundering: Layering via peel chains, chain hopping, conversion to gift cards (iTunes), unregistered trading, multiple bank deposits
Source of Funds: Stolen cryptocurrency from Lazarus Group’s hacks on cryptocurrency exchanges
Associated Shell Companies: N/A
PEPs or Individuals Involved: Yinyin Tian, Li Jiadong (Chinese nationals; no known PEPs involved)
Law Enforcement / Regulatory Action: OFAC sanctions, DOJ criminal charges and civil forfeiture actions, asset seizures, U.S. Treasury designation under multiple Executive Orders
Year of Occurrence: 2018 (hack), 2020 (charges and discovery), sanctions reinforced through 2025
Ongoing Case: Ongoing