The Cyber-Crypto-Sanctions Nexus

As financial sanctions have developed as a tool of foreign policy and national security, increasing in both complexity and sophistication, so too have the strategies for avoidance (so-called 'sanctions-busting?). This is not least the case for the most heavily sanctioned country in the world -  the Democratic People's Republic of Korea (DPRK), otherwise known as North Korea.

Despite a number of UN Security Council Resolutions which have imposed global and extreme sanctions on the DPRK (including on, for example, luxury goods and seafood), the North Korean regime has demonstrated a robust capacity for bypassing sanctions using innovative strategies.

While these strategies are sometimes more ?analogue? - such as ship-to-ship transfers (i.e. a DPRK and non-DPRK vessel meet in the ocean and undertake illicit transactions, often exchanging refined petroleum for North Korean coal), an increasingly prevalent cyber-crypto-sanctions nexus is emerging. While the full extent is unknown, the August 2019 UN Panel of Experts Report estimated that the DPRK has acquired $2 billion through its cyber-activities in an effort to evade international sanctions.

There is no doubt about the proficiency of North Korea's cyber operations or their intent to aim such operations at the financial system. In the past four years, North Korea has attacked entities including the Bank of Bangladesh, Taiwan's Far Eastern International Bank, and ATM networks throughout Africa and Asia. In recent years, cryptocurrency has presented a potentially attractive method for sanctions evasion, and North Korea has been especially successful in obtaining and using crypto. While other sanctioned actors have indicated interest in creating nationalised cryptocurrencies, North Korea has worked within the global cryptocurrency infrastructure to use coins such as Bitcoin and Monero for their own purposes. And, it seems, this has been the most successful approach to date.

Estimates vary widely on the amount of cryptocurrency North Korea has acquired, with the UN Panel of Experts? list tallying up to a minimum of $170 million. Most other experts estimate this number to be much higher, especially when considering the hacks that may not have been reported in the public domain.

While most of this money appears to have come from hacks of cryptocurrency exchanges, North Korea has also reportedly been involved in mining cryptocurrency through hacking (?crypto-jacking?), scamming cryptocurrency users, and utilising ransomware. And despite the constant fluctuations in the price of, for instance, Bitcoin, North Korea's amassing of cryptocurrency is far from useless.

The WannaCry ransoms were moved from bitcoin wallets to ShapeShift, a cryptocurrency exchange in Switzerland where the coins were swapped for Monero, a cryptocurrency with an opaque blockchain (unlike Bitcoin's famously transparent blockchain). In essence, this means the trail for investigators went dark. In one of the Bithumb exchange hacks, North Korean hackers moved the stolen cryptocurrency to their own wallets and then transferred it onwards to a YoBit, a Russian cryptocurrency exchange, a platform which offers trading in WebMoney and other value transfer services.

While this may seem impossible to counter, all hope should not be lost. The similarity between ShapeShift and YoBit at the times of those transactions was that they had little to no KYC/CDD requirements. North Korea, along with most other illicit actors, relies almost entirely on the anonymity available in the current cryptocurrency infrastructure. The scrutiny which banks are under for suspicious transactions is almost non-existent in the cryptocurrency industry, but not for lack of risk. Governments have only recently started realising their responsibility in regulating cryptocurrency businesses, with domestic policies varying widely. Some have begun to adopt regulation in line with last summer's FATF Virtual Asset Guidance, but progress is slow. With North Korea sure to inspire other sanctioned actors, the international community needs to wake up and work together, sooner rather than later.

UK Finance undertakes specific work on counterproliferation financing; for example May 2019's maritime counter-proliferation webinar. You can find more information on DPRK's use of cryptocurrency in RUSI's paper ?Closing the Crypto Gap: Guidance for Countering North Korean Cryptocurrency Activity in Southeast Asia.



Area of expertise: