How does North Korea wash crypto booty?
The Hermit Kingdom faces the key challenge of off-ramping assets every time it hacks a company or protocol, as when it plundered $1.5 billion from the crypto exchange Bybit on February 21.
The hackers cannot simply send the funds to major exchanges such as Binance or Coinbase, as those platforms perform know-your-customer (KYC) checks and work with law enforcement to freeze illicit funds as soon as they are deposited.
Instead, North Korea uses a well-developed network of over-the-counter (OTC) brokers to launder stolen funds, according to Ari Redbord, global policy director at blockchain analytics firm TRM Labs.
“They will consider replacing them globally with no compliance controls in place,” Redbord, a former senior adviser to the Deputy Secretary and the Under Secretary for Terrorism and Financial Intelligence at the U.S. Treasury Department, told CoinDesk in an interview. “Everyone uses Chinese money laundering organizations. Cartels use them to move funds. There’s a network that North Korea has been using for years.”
“But it’s not just China. Look around the world where you don’t have any shortages of regulations or money laundering control. Russia has been like a money laundering state for a very long time. There are a lot of dark internet market activities and ransomware actors associated with Russia. North Korea also used Macau casinos to wash the fiat.”
Laundering billions
As far as Redbord knows, North Korea has never used cryptocurrency to pay for things on the international stage. Instead, it tries to convert tokens into government-issued currencies like the Chinese yuan and the US dollar, he said.
But moving billions of dollars’ worth of value is not easy. According to TRM, North Korea has stolen over $5 billion since 2017. Broken down monthly, that means North Korea would need to off-ramp at least $51 million a month on average.
“We inevitably see these funds sitting in our wallets for a long time. I don’t think that’s what they’re going to set up some kind of strategic reserve. They just can’t stop the funds,” Redbord said. “In all worlds, North Korea wants to strip these funds out as quickly as possible.”
“It’s a lot of money. Think about Pablo Escobar – he had this big problem with keeping cash. He didn’t know where to put it,” Redbord added. “That’s what North Korea has at crypto now.”
In the case of the Bybit hack, the majority of the stolen ETH has already been bridged to Bitcoin via THORSwap, a protocol that allows permissionless swaps between Ethereum and the Bitcoin network.
It is currently being fed through mixers such as Wasabi and Cryptomixer (protocols that allow users to obfuscate transactions on the blockchain). These platforms typically handle less than $10 million a day, which means North Korea faces a potential bottleneck before it can off-ramp the stolen funds through OTC brokers. “Whether these mixers can continue to absorb the amount they play is an open question,” TRM said in a recent report.
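The laundering chain described above (stolen ETH bridged to Bitcoin, pushed through mixers, then off-ramped through OTC brokers) is the kind of flow a blockchain-analytics team traces, and the mixers are the point where its trail goes cold. The following is an added example, not code from the article or from TRM Labs. It runs a simple proportional taint-tracing heuristic (one common analyst approach, assumed here; not TRM's method) over a constructed ledger whose addresses, amounts and entity labels are all made up for illustration, and reports how much stolen value reached a KYC exchange (where it can be frozen), how much reached mixers (where public-data attribution stops), how much is still dormant in unattributed wallets, and how long the mixer share would take to clear at the article's cited capacity of under $10 million a day.

```python
"""Proportional ("haircut") taint tracing over a constructed transaction ledger.

Every address, amount and entity label here is constructed for illustration;
the entity classes (bridge, mixer, KYC exchange) are assumptions about how an
analyst would tag counterparties, not TRM's data or method.
"""
from collections import defaultdict
from math import ceil

# Constructed ledger in chronological order: (sender, receiver, amount in $M).
# Labels with a "class:" prefix are counterparties an analyst has attributed.
LEDGER = [
    ("hack_wallet", "hop1", 900.0),
    ("hack_wallet", "hop2", 600.0),
    ("hop1", "bridge:THORSwap", 900.0),
    ("hop2", "bridge:THORSwap", 500.0),
    ("hop2", "exchange:KYC", 100.0),           # KYC venue: frozen on deposit
    ("bridge:THORSwap", "btc_hop1", 1400.0),   # swap output on the Bitcoin side
    ("clean_user", "btc_hop1", 600.0),         # unrelated funds co-mingled with loot
    ("btc_hop1", "mixer:Wasabi", 800.0),
    ("btc_hop1", "mixer:Cryptomixer", 400.0),
    ("btc_hop1", "btc_hop2", 200.0),
]

# Entity classes where the on-chain trail stops for a public-data analyst:
# a mixer breaks the link, a KYC exchange freezes the deposit and takes over.
TERMINAL_CLASSES = {"mixer", "exchange"}


def entity_class(label):
    """'mixer:Wasabi' -> 'mixer'; an unlabelled address is a plain 'wallet'."""
    return label.split(":", 1)[0] if ":" in label else "wallet"


def trace_taint(ledger, origin, loot):
    """Follow stolen value from `origin` through the ledger.

    Each wallet carries a tainted fraction = tainted balance / total balance;
    every outgoing transfer carries that fraction of its amount as taint, so
    co-mingled clean funds dilute the taint proportionally. Returns the
    tainted value (in $M) that ended at each terminal class, plus 'dormant'
    for taint still sitting in unattributed wallets.
    """
    balance = defaultdict(float)
    tainted = defaultdict(float)
    balance[origin] = tainted[origin] = loot        # everything in origin is stolen
    reached = defaultdict(float)

    for src, dst, amt in ledger:
        frac = tainted[src] / balance[src] if balance[src] > 0 else 0.0
        moved = amt * frac
        balance[src] = max(0.0, balance[src] - amt)  # unseen funders start clean
        tainted[src] -= moved
        cls = entity_class(dst)
        if cls in TERMINAL_CLASSES:
            reached[cls] += moved                   # trail ends here
        else:
            balance[dst] += amt
            tainted[dst] += moved

    reached["dormant"] = sum(tainted.values())
    return dict(reached)


def mixer_backlog_days(amount, daily_capacity):
    """Days needed to push `amount` through mixers absorbing `daily_capacity` per day."""
    return ceil(amount / daily_capacity)


if __name__ == "__main__":
    result = trace_taint(LEDGER, "hack_wallet", loot=1500.0)
    for cls, value in sorted(result.items()):
        print(f"{cls:>10}: ${value:,.0f}M")
    print("mixer backlog at $10M/day:",
          mixer_backlog_days(result["mixer"], 10.0), "days")
```

On the constructed ledger, $100M is caught at the KYC exchange, $840M of taint reaches mixers (the $600M of clean co-mingled funds dilutes the two mixer deposits to 70% tainted), and $560M is still dormant; at $10M a day the mixer share alone would take 84 days to clear, which is the bottleneck the report points at. Real tracing differs in the choice of heuristic (FIFO and poison rules give different splits) and in the quality of the counterparty labels, which is where an analytics firm's attribution data matters most.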
What happens after that?
Once funds are laundered via OTC brokers, the trail goes cold for blockchain analytics companies such as TRM, but not necessarily for government agencies such as the Federal Bureau of Investigation (FBI), Homeland Security Investigations (HSI), or IRS Criminal Investigation (IRS-CI).
Such agencies can use human intelligence (interviews, interrogations, espionage) and signals intelligence (intercepting and collecting communications from electronic devices) to advance their investigations.
These agencies may be able to recover stolen funds. In the case of the 2021 Colonial Pipeline ransomware attack, the Department of Justice (DOJ) was ultimately able to recover nearly 85% of the Bitcoin (BTC) ransom paid to DarkSide, a Russian cybercriminal group. It is unknown how investigators obtained the hacking group’s private key.
The network of Chinese shell companies North Korea uses to launder its funds, whether from crypto or other sources, is constantly being monitored by US agencies in cooperation with Japanese and South Korean authorities, Redbord said. And laundering funds through China’s banking system doesn’t necessarily mean North Korea has won the game.
In 2019, US federal prosecutors subpoenaed three Chinese banks in a North Korean sanctions case. The US government has no jurisdiction over China’s banking system, which would seem to make this impossible, explained Redbord, who worked on the case.
However, provisions of the US Patriot Act allow it under certain circumstances. If a foreign bank does not respond, the US government is permitted to cut off the bank’s correspondent banking relationship, essentially disconnecting the foreign bank from the US banking system.
In that particular case, the Chinese bank ultimately complied with the subpoena, Redbord said. However, the strategy requires serious political capital and is difficult to replicate. “We’re talking about the world’s largest bank. If we actually cut off a correspondent bank from one of the major Chinese banks, that wouldn’t be good for the economy,” Redbord said. That’s why the Treasury Secretary and Attorney General need to sign off on this type of strategy.
“If any of the administrations were leaning in the slightest, that’s probably the case,” Redbord said. “Issuing subpoenas to small or medium-sized Chinese banks is probably worth doing. It really sends a strong message.”