How Does North Korea Launder Stolen Crypto?
Every country has some dirty laundry, and North Korea has more than most. The country’s security services have engineered several crypto hacks over the last few years. But how does an autocratic state with few allies turn digital assets into fungible cash?
Hacking is the Easy Part
In recent years, North Korea has intensified its crypto hacking efforts. Military intelligence unit Bureau 121 houses at least four known hacking groups. Recently, those groups have upped their game and taken aim at US banks.
They also work to avoid U.S. Treasury sanctions. What’s more, the United Nations believes that officials use stolen cash to fund nuclear weapons development.
But with sanctions in place and no Gemini or Coinbase to help it offload its crypto, North Korea is in a bind. The millions it has stolen in crypto are worthless until it can spend them.
Christopher Janczewski, an IRS agent on the case who specializes in crypto, told the MIT Technology Review:
“I’d say the laundering is more sophisticated than the hacks themselves.”
Following the Money
The first step in laundering the money is covering their tracks. One major North Korean hacking group is Lazarus. Recently, its members have been suspected of stealing hundreds of millions of dollars in crypto. Researchers exposed their methods in August.
So, with vast amounts of crypto in their wallets, the hackers hope to throw law enforcement off their trail. They typically move money around several wallets, and then through different currencies. This adds steps and deceit, making the loot harder to track.
Though effective, this method can be overcome with old-fashioned detective work. Following the money becomes more complicated once Lazarus employs newer tactics. One such method is a so-called “peel chain,” which moves money rapidly around wallets hundreds of thousands of times.
A similar method of keeping their funds private is to move the money across blockchains. It’s no surprise that Lazarus has moved towards privacy currencies in recent years.
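To make the peel chain described above concrete from an investigator's side, here is an added example (not from the original article) that follows one across constructed transactions. It assumes the usual shape of a peel chain, which the article does not spell out: each hop sends a small "peeled" amount to one address and passes the large remainder on to a fresh one. The addresses, amounts and the 5% threshold are made up for illustration.

```python
# Constructed sample ledger: (txid, spending_address, [(output_address, amount), ...])
SAMPLE_TXS = [
    ("t1", "A0", [("A1", 99.0), ("X1", 1.0)]),
    ("t2", "A1", [("A2", 97.8), ("X2", 1.2)]),
    ("t3", "A2", [("A3", 96.9), ("X3", 0.9)]),
    ("t4", "A3", [("A4", 50.0), ("A5", 46.9)]),  # even split, not a peel hop
    ("t5", "B0", [("B1", 5.0)]),                 # unrelated single-output payment
]


def follow_peel_chain(txs, start, max_peel_ratio=0.05, max_hops=100_000):
    """Walk a suspected peel chain from `start`.

    A hop counts as a peel when the transaction has exactly two outputs and
    the smaller one is at most `max_peel_ratio` of the total (assumed
    heuristic threshold). Returns (hops, address_where_the_chain_ends).
    """
    # Assumption for this sketch: each address is spent from only once.
    spends = {sender: (txid, outs) for txid, sender, outs in txs}
    hops, current, seen = [], start, set()
    while current in spends and current not in seen and len(hops) < max_hops:
        seen.add(current)  # guard against loops in the graph
        txid, outs = spends[current]
        if len(outs) != 2:
            break
        (big_addr, big), (small_addr, small) = sorted(
            outs, key=lambda o: o[1], reverse=True
        )
        if small / (big + small) > max_peel_ratio:
            break  # split is too even to be a peel
        hops.append(
            {"txid": txid, "from": current, "remainder_to": big_addr,
             "peeled_to": small_addr, "peeled": small}
        )
        current = big_addr  # keep following the large remainder
    return hops, current


if __name__ == "__main__":
    chain, end = follow_peel_chain(SAMPLE_TXS, "A0")
    for hop in chain:
        print(hop)
    print("chain ends at", end, "| peel addresses:", [h["peeled_to"] for h in chain])
```

The peel addresses collected at each hop are the ones an investigator would check next, since those are where small amounts leave the chain.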
Digital Red Herrings
Even once they understand the hackers’ methods, investigators still have a lot of work to do. To drop red herrings along the way, the hackers create false identities. Thousands of transactions, wallets, and mistaken identities bait investigators, leaving them frustrated.
Pyongyang depends on the money, too. Researchers believe that up to 15% of North Korea’s income comes from hacking. To make that money spendable, the hackers rely on over-the-counter traders.
Many of these are thought to be tailor-made services in China built expressly to serve North Korea. As these traders add more and more currencies that can be traded for fiat, the hackers’ loot becomes harder to trace.
Despite these complications, authorities are doing more to combat the evaders. An uptick in illegal crypto activity has engendered a new security industry. U.S. investigators are better prepared for this type of crime than in the past and have created highly capable tracking software.
If investigating crypto-crime becomes impossibly difficult, authorities are ready to crowd-source the answer. Perhaps they learned from a case in 2019 when a young American hacker went to North Korea to speak about laundering digital currency.
The IRS recently offered a $625 bounty for anyone who can crack Monero. An engineer with the skills to do that might have a higher number in mind.