Last month, the FBI announced that North Korean hackers had stolen more than $600 million in cryptocurrency from an online gaming company, Axie Infinity, in March 2022. The North Korean hacker unit, the Lazarus Group, has recently focused its cyberattacks on blockchain technologies, stealing an estimated $1.75 billion worth of cryptocurrency in recent years. North Korea’s cyber operations have been well documented in recent years, and the Lazarus Group itself has been heavily sanctioned by the U.S. Treasury Department. However, questions remain about how Pyongyang’s cyber agents transfer stolen cryptocurrency into fiat currency for the Kim family regime. There are also allegations that Pyongyang uses stolen digital currency to bolster its nuclear arsenal. If these allegations are true, international sanctions have done little to stem the cryptocurrency-funded advancement of North Korea’s nuclear program. Instead, a tailored securities regulation plan to stem North Korea’s money laundering scheme should be implemented by the United States and its allies.
North Korean cyber agents switched out their digital tokens for ether using decentralized cryptocurrency exchanges. North Korean hackers then utilized “mixers,” which blend cryptocurrency funds with other financial transactions and obfuscate the origins of the ill-gotten funds. Blockchain analytics firm Elliptic estimates that North Korean hackers laundered 18 percent, or around $108 million, of the funds stolen during the attack on Axie Infinity. This lucrative theft will embolden Pyongyang and encourage even more attacks from North Korean hackers on blockchain targets.
While North Korea is an impoverished country without access to the internet for the vast majority of its citizens, its cyber agents are extremely sophisticated and knowledgeable on cryptocurrency matters. For example, the North Koreans are extremely interested in mining Monero, “the privacy coin.” North Koreans prefer this cryptocurrency since Monero mining is possible from conventional computers, transactions remain anonymous, and the funds are extremely hard to track.
However, questions remain about how North Korean hackers convert stolen cryptocurrency into fiat currency for the regime. One of the most plausible scenarios is that North Korea uses its long-established illicit networks in the developing world to carry out money laundering schemes. Since the 1970s, many North Korean diplomats and embassy officials in African and Southeast Asian nations have engaged in illicit activities such as drug trafficking and ivory smuggling. With this in mind, the North Korean regime is likely utilizing these underground criminal networks for its cryptocurrency ecosystem.
While most legitimate companies will not accept cryptocurrency as payment for physical items, some shady entities in the Asian criminal underground may be willing to sell the North Koreans much-needed items for inflated cryptocurrency prices, meaning that North Koreans living abroad could be using cryptocurrency to purchase oil shipments and military technology. Alternatively, the North Koreans could be converting digital currency through casinos and other gambling ventures in Southeast Asia. For instance, after the 2016 Bangladesh Bank cyber heist, North Koreans used casinos in Southeast Asia to wash their stolen funds and convert them into casino chips and then into cash. Since the pandemic began in February 2020, North Korean diplomats and officials have not returned home due to tight border closures. Nonetheless, these politically committed and loyal workers remain active in the global margins, supporting the Kim family regime and funneling funds into the Party’s coffers.
It was already well known that North Koreans are using digital currency mixers to make criminal proceeds indistinguishable from the funds of other customers. However, U.S. officials have finally realized that sanctioning these mixers could undermine North Korea’s cyber activities. For example, on May 6, the Treasury Department sanctioned a virtual currency mixer, Blender.io, for the first time. North Korean hackers had used this mixer extensively for illicit financial activities. Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson stated, “Today, for the first time ever, Treasury is sanctioning a virtual currency mixer. Virtual currency mixers that assist illicit transactions pose a threat to U.S. national security interests. We are taking action against illicit financial activity by the DPRK and will not allow state-sponsored thievery and its money-laundering enablers to go unanswered.”
North Korea’s stolen cryptocurrency proceeds are hard to track, and the Lazarus Group is adept at quickly laundering digital currency into more legitimate financial streams. This infusion of stolen cryptocurrency into the Kim family regime’s coffers is likely keeping the Party’s elite afloat during the country’s extensive border closures. While the North Korean people suffer under brutal economic conditions, the leadership prioritizes nuclear development and the advancement of the regime’s cyber operations. With these cyber heists, the regime is able to stay afloat during internal economic distress. In confronting Pyongyang’s aggression and belligerence on the international stage, analysts and sanctions officials should assess North Korea’s cryptocurrency heists and money laundering schemes more robustly.
However, this is also a structural issue with the crypto-economy. Rather than issuing largely symbolic sanctions on North Korean cyber entities whenever there is a major Pyongyang-affiliated hack, U.S. officials should focus their efforts on regulating the entire cryptocurrency industry. The decentralized nature of cryptocurrency appeals to North Korean hackers, and the U.S. government needs to take a more aggressive approach to regulating the entire industry. The technology is ripe for sanctions evasion, and authoritarian governments, such as North Korea, use these decentralized platforms to avoid regulated Western economic institutions. By making cryptocurrency a national security issue, the U.S. government can enforce much-needed regulations on this industry and ensure that foreign adversaries do not use the technologies for nefarious agendas that threaten American institutions’ financial and political stability. Fraud and hacks are rife in the crypto-economy, and U.S. consumers need to understand the national security implications of the unregulated world of crypto.
Benjamin R. Young is an assistant professor of homeland security and emergency preparedness in the Wilder School of Government and Public Affairs at Virginia Commonwealth University. He is the author of the book Guns, Guerillas, and the Great Leader: North Korea and the Third World, and his writing has appeared in a range of media outlets and peer-reviewed scholarly journals. Follow him on Twitter @DubstepInDPRK.