Crypto-Kim: Blockchain, Yes; Break Chains, No
The incredible speed with which technology has developed has often left a gap in the regulation of its use. The lack of regulation has become extremely visible in the field of cryptocurrencies, which can be termed “virtual money” lacking intrinsic value like gold or state backing like fiat currencies. While they are mostly known for their speculative potential, virtual currencies are also used for practical purposes, such as facilitating e-commerce, and for less orthodox purposes such as illicit trafficking, terrorism, masking illicit earnings, and tax evasion. North Korea has taken full advantage of the lax regulations, and by using them the Pyongyang government has been able to secure luxury goods that it could not otherwise have had access to because of Western economic sanctions. As a determined and sophisticated international player in terms of cybersecurity, in a constant search for financial resources to meet its needs and ambitions, North Korea is expected to continue its efforts to identify ways in which to obtain and spend cryptocurrencies. The prospect of Pyongyang engaging in large-scale operations to avoid sanctions and using virtual currencies as a means of paying for luxury goods and services, or for easing import prohibition, is a risk that could increase in the future and needs to be addressed accordingly. Southeast Asian states are extremely vulnerable to the various types of illicit activities in which North Korea engages using virtual currencies. The ineffective approaches to regulating virtual currencies in the region create a high systemic risk in the cryptocurrency industry that North Korea will try to make full use of.
Hermit or pariah
North Korea remains an atypical state in the current international system. With the collapse of communist dictatorships in most of the world at the end of the 1990s, analysts preached the end of the Kim Dynasty as inevitable and undoubtable. The same feeling was propagated when China began its transformation into the communist-capitalist hybrid that still baffles us today. China’s influence on Pyongyang was not what the other powers of the international system were hoping for. North Korea remains the only communist dictatorship or, more precisely, the only Stalinist regime of the 21st century (Ioanes Ellen, 2021).
However, considered a harmless glitch in the system, Kim’s dictatorship remained on the outskirts of international affairs, given the expectation that it would eventually resolve itself systematically and inertially. Reality has proven the theses of the various analysts wrong, and as the regime suffocated economically, heading for self-destruction, the dictator Kim Jong-un found a way to keep it alive: the nuclear dossier.
The Nuclear Dossier of Korea has reintroduced on the global agenda the issue of agreements for the reduction and non-proliferation of nuclear weapons. North Korea’s nuclear issue became dangerous in autumn 2017, when the Pyongyang government performed several nuclear tests, with the main purpose of showing that the country still exists on the international map and to test the reaction of the great powers. One of the tests, the sixth and most powerful, was performed a few hours after Pyongyang had announced that it had developed a sophisticated hydrogen bomb with a “great destructive power.” The seismic impact caused by the test had a magnitude of 6.3, about ten times higher than that of previous tests and 5 times higher than Hiroshima (Anagha Joshi, 2018).
When Donald Trump took office in the White House, he stated with much emphasis that he would solve the nuclear issue, denouncing from the beginning the steps taken by his predecessor in this matter. The Trump Administration also announced at the time that it would review the Nuclear Policy of the United States and renegotiate the terms of the New START disarmament agreement with Russia. When he had to take steps in this regard, the US President realized that no plan survives first contact with reality. For now, Russia’s and the United States’ interests seem to converge towards preventing the possibility that nuclear weapons end up in the hands of states that are not subject to the rules of the international system, or in the hands of non-state actors, especially terrorist organizations.
In this context, the need to contain the North Korean regime by limiting its access to financial resources is critical. The sanctions regime has managed to limit Pyongyang's access to money and subsequently to certain critical means in advancing its plans (Berger Andrea, Anagha Joshi, 2017). However, the technological revolution has brought a liberalization of the financial market that no one foresaw in these terms: through the increased anonymity and the quasi-total lack of regulation of virtual currencies, a series of rogue actors manage to avoid sanctions, which puts both the financial-monetary system as we know it today and international security in difficulty.
The cyber front
North Korean diplomacy maintains simultaneous open channels of communication with the American Administration, with Beijing and with Seoul, highly influential capitals for the survival of the Pyongyang regime. North Korea, however, needs a lot of money to survive. In Russia, Kim has desperately tried to get financial resources, both officially and by exploiting illegal smuggling. Trade between the two countries was substantially reduced in 2018 as a result of the sanctions imposed on Pyongyang by the UN Security Council. Additionally, Russia reduced the number of North Korean workers present in the country from 30,000 to 10,000. The money sent home to their families by these workers was a vital source of foreign currency for North Korea.
But Pyongyang also resorts to extreme actions to get money and bypass international sanctions. Recently, specialists have discovered that Pyongyang is resorting to the exploitation of cryptocurrencies such as Bitcoin. Even though they currently play a peripheral role in gathering government funds, the resource can become more relevant in the future. Pyongyang’s cyber-crime activities have always been extremely varied, ranging from hacking to the mundane, such as farming in-game currencies and items in virtual game worlds to sell to players (also illegal). However, cryptocurrencies give the regime an additional instrument to circumvent sanctions and ease the risks of crime, just as ransomware perpetrators ask their victims for Bitcoin instead of dollars. As they are more difficult to track, they can be laundered several times and are independent of government regulations.
Kim’s administration may diversify its cryptocurrency activities. Cryptocurrencies can be converted immediately into money, they can act as a speculative investment, they can be accumulated into important reserves that can be exchanged for fiat hard currencies at any time, or they can be used to pay for goods, services, and resources otherwise restricted by international sanctions.
Brave new world
Cryptocurrencies are decentralized peer-to-peer (P2P) payment technologies, allowing transfers and other transactions in conditions of trust without any legal regulation or intermediaries. The lack of legal regulations and the difficulties facing the authorities trying to track them have made virtual currencies a favorite instrument for cybercriminals attempting to bypass the conventional financial and banking system.
Over the past ten years, North Koreans have diversified their operating techniques in cyber-crime, developing a genuine state infrastructure in this respect. Specialists have been able to identify talented young people taken from universities with a technical profile, raised within the secret services, and then illegally infiltrated into neighboring countries, where they perform undercover illegal operations with virtual currency (FinCEN, Guidance on Virtual Currencies, 2018). In 2015, South Korean secret services estimated that about 6,000 cyber war experts work for North Korea. The famous Lazarus group operated through them; it is considered to be responsible for the theft of nearly 1 billion dollars from the Central Bank of Bangladesh and for the hack of the Coincheck “virtual currency market exchange” in Japan.
As economic sanctions against North Korea increased in intensity and pressure, the dictatorial regime in Pyongyang had to become extremely inventive to bypass them. North Korea is subject to drastic and extended international sanctions imposed by the UN, the USA, the EU, and many other actors. Among these measures is the prohibition against providing financial services to North Korean individuals and entities, or Pyongyang-related ones, restrictions on the supply of raw materials (coal being one of the most important), or restrictions on the market of luxury goods. Individuals or entities that do not comply with these restrictions may risk criminal penalties.
Since the tightening of sanctions, North Koreans have managed to use the voluntary or involuntary participation of other parties to get around sanctions. China, the country receiving over 90% of North Korean exports, was the most active in this respect. Southeast Asia is not to be neglected either. There Pyongyang has managed to build some cover-up companies, use regional ports to trade coal, get passports and other documents with which to better hide individuals who trade with Pyongyang, and develop genuine illegal trafficking networks for money or gold.
Eluding international sanctions is not something new. North Korea has employed various evasion schemes in Southeast Asia. Over time, the North Korean illegal networks have engaged in fundraising through façade companies, secret agents, and subversive financial tools that have avoided commercial and financial restrictions. Given that Southeast Asia is a market that has seen increased intensity of cryptocurrency exchanges, it has become more vulnerable to North Korean activities in this field.
Thus, it is not difficult to understand how they have come to exploit virtual currencies. Specialists first noticed this in May 2017, when a “WannaCry” ransomware attack with modest results initially signaled the desire and ability of Pyongyang to sponsor cyber-crimes with virtual currencies. Even if it is difficult for the moment to determine the frequency and intensity with which North Korea performs cyber-crimes with virtual currencies, public sources point to more and more activities of this kind, many of which are hacks of virtual currency exchanges in South Korea (Keatinge Tom, David Carlisle, Florence Keen, 2018).
Through cryptocurrencies, Pyongyang has not only managed to mitigate the impact of sanctions but can also accumulate capital and access goods or services that are otherwise prohibited. The fact that virtual currencies are hard to track helps North Koreans to intensify such activities, which helps them fund their nuclear program or pay intermediaries and other people working for them abroad. Otherwise, it is difficult to explain how North Koreans are able to continue developing their weapons of mass destruction program, given that international sanctions have successfully managed to isolate North Korean banks from the international financial system.
Several experts estimate, relying on the obvious evidence that links cyber-crimes with Kim’s regime, that Pyongyang has a stock of cryptocurrencies that is approaching 210 million USD. However, the Coincheck hack was not included in this calculation. There alone it is assumed that hackers could have been able to steal Virtual Currency Units of NEM worth 510 million USD. It is hard to estimate how quickly these virtual currencies are exchanged by North Korean agents with Euro, USD, or other fiat currencies. Even though they seem to successfully run such operations, it is hard to believe that they have managed to turn virtual currency reserves worth hundreds of millions of USD into cash overnight.
The preferred method through which North Koreans are obtaining virtual currency is not “ransomware” operations, although they seem more effective, but rather the hacking of cryptocurrency exchanges, especially those located in South Korea. Many of South Korea’s virtual currency exchange sites are extremely vulnerable and attractive for North Koreans. The South Korean virtual currencies exchange market is not only close to the Northern border and accessible, but it also conducts about 16% of global virtual currency exchanges. Only the US dollar and Japanese Yen are traded at higher intensity. It is also estimated that in 2018 alone the equivalent of over 1 billion USD in cryptocurrencies was stolen. And this is mainly due to security issues. In many such virtual exchange markets, even minimum cybersecurity requirements are absent, such as a strong password or two-factor authentication.
North Korea has exploited these vulnerabilities very quickly. The attacks on virtual currency exchange markets involve low costs and entail important benefits if we were to analyze them based on efficiency. Between April 2017 and June 2018, there is evidence that Pyongyang was successfully involved in six such operations and unsuccessfully attempted ten others. For example, in early 2018, cybersecurity experts announced that they had found evidence of malware that “infects” computers to mine the cryptocurrency Monero for North Korea. Monero is the 25th cryptocurrency in terms of market cap in the world.
In May 2018, the Bithumb cryptocurrency market in South Korea forbade access to their northern neighbors (Eleanor Albert, 2018). The reason was that the country has a high-risk potential in terms of hacking activities related to virtual currency. In fact, South Korean officials said that Pyongyang stole cryptocurrency worth billions of Won (1 Won represents about $0.0009) and that Kim Jong-un’s regime constantly tries to attack the cryptocurrency exchanges.
But these are not North Korea’s only cryptocurrency activities; mining operations, i.e. the process of creating the virtual currency, are equally relevant. Participants in such network operations are known as miners. They check and date transactions and share them in a public database called the blockchain. There are specialized nodes that validate transactions and blocks, and connect transaction points. The mining operation is particularly complex and very difficult for a single user to do. Thus, groups of miners, called mining pools, have developed, in which the miners combine their processing power to solve cryptocurrency-producing algorithms. The yield and profit of such a business are mainly calculated according to the legislation of the region and the cost of electricity.
There are clues indicating that North Korean specialists have even mined Bitcoin. North Koreans also use mining because, despite the significant effort involved, the operation is still very profitable, even compared to illegal virtual currency operations. The newly mined cryptocurrencies attract much less attention and are more difficult to link to criminal activities.
Then there is also the “Dark Web”, a tool that facilitates access to a comprehensive palette of crimes (crime-as-a-service, CaaS), that is, the activity through which criminals offer their know-how and technical support to other offenders. Cybercriminals rely on CaaS to offer malware and hacking services to other criminals. It is extremely likely that North Korean agents provide such services in exchange for virtual currencies. Similarly, it is entirely possible that North Koreans would pay with cryptocurrencies for such services. Although there is no clear evidence that North Koreans are involved in “Dark Web” activities, the illicit online markets facilitate the production and use of cryptocurrencies by North Koreans.
Cryptocurrencies solve an extremely acute and short-term issue of the North Koreans, namely the need for hard currency. The North Koreans have to sell their cryptocurrencies quite quickly not just for money, but also because most of the goods and services that Pyongyang wants cannot be bought with cryptocurrencies (Mathew Ha and David Maxwell, 2019). Most of the time, the use of virtual currencies is speculative, as users sell them in a similar fashion to stock market shares.
The scale, intensity, and purpose of the North Koreans’ cryptocurrency activities have expanded since the ransomware attack with the WannaCry virus in May 2017. As a determined and sophisticated cyber actor in search of financial resources, North Korea is expected to continue its effort to identify new ways to obtain and exploit cryptocurrencies. The likelihood that Pyongyang will engage in large-scale operations in order to avoid sanctions and use virtual currencies as means of payment for luxury goods and services, or to facilitate prohibited transactions, is expected to increase in the future.
Southeast Asian states are extremely vulnerable to the different types of illicit activities in which North Korea is involved using virtual currencies. The fact that there are ineffective approaches in the region regarding cryptocurrency regulation creates a high systemic risk in the cryptocurrency industry that the North Koreans will try to exploit.
However, the states in the region can take a number of steps to mitigate these vulnerabilities. Firstly, an analysis of local risks generated by cryptocurrency transactions and how Pyongyang can exploit them is needed. Local cryptocurrency infrastructures have different vulnerabilities that need to be studied individually to discover how they can be exploited. Furthermore, this analysis must be complemented by a regional risk analysis to identify cross-sectorial exposure to cyber-crime and cryptocurrency criminality risks.
Secondly, all Southeast Asian states should design legally appropriate responses that will allow them to diminish the risks they are subjected to by North Korea or other actors. These legal provisions must create an extremely broad framework that will regulate the entire spectrum of activities Pyongyang is involved in. In addition, mechanisms that check if they are properly implemented should also be put in place.
Thirdly, each country needs to make sure that at the domestic level it is capable of facilitating successful collaboration between supervisory and regulatory agencies, and information services. The exchange of information, expertise and good practices, and the creation of inter-institutional mechanisms are crucial in addressing these risks and vulnerabilities. In the public and academic environment, it is advisable to create discussion forums dedicated to cryptocurrency that include the risks exposed by North Korean activities.
Last but not least, all of these mechanisms must be extended to the regional level. The Southeast Asian states must be able to develop coordinated responses at the regional level in the face of North Korean threats. This could even mean the establishment of policy coordination frameworks in the field of virtual currencies regulation. Regional partnerships must also provide training for the law enforcement bodies, after which they will be able to detect and successfully prevent the illegal cryptocurrency-related activities of North Korea. These training courses need to be constant and collaborative, and include exchanges of expertise and information between countries, using the technical assistance of international organizations as well as regional partners.
In this respect, the public-private partnership can prove to be extremely useful. In the private field, there is already relevant expertise when it comes to cryptocurrencies. The private sector may also be more exposed to the illegal activities of North Korea. Private sector employees can benefit from the advice and expertise of law enforcement bodies, they can share their experience, and thus collective strategies can be shaped in order to mitigate the threats stemming from Pyongyang.
References
Anagha Joshi, (2018) “Model Provisions to Combat the Financing of the Proliferation of Weapons of Mass Destruction: Second Edition”, RUSI, October 2018.
Berger Andrea, Anagha Joshi, (2017) “Countering Proliferation Finance: Implementation Guide and Model Law for Governments”, Published by Royal United Services Institute, July 2017.
Eleanor Albert, (2018) “The China–North Korea Relationship”, Council on Foreign Relations Backgrounder, 13 March 2018 Issue.
FinCEN, (2018) “FinCEN Issues Guidance on Virtual Currencies and Regulatory Responsibilities”, Last accessed: 21.05.2021, at: https://www.fincen.gov/sites/default/files/news_release/20130318.pdf.
Gibraltar Financial Services Commission, (2015) “Distributed Ledger Technology Regulatory Framework”, Last accessed May 14th 2021, http://www.gfsc.gi/dlt.
Ioanes Ellen, (2021) “North Korea is the most isolated country on the planet, but it still finds ways to steal billions of dollars”, Business Insider Magazine, March 3rd, 2021.
Keatinge Tom, David Carlisle, Florence Keen, (2018) “Virtual Currencies and Terrorist Financing: Assessing the Risks and Evaluating Responses”, Brussels: European Parliament.
Mathew Ha and David Maxwell, (2019) “Kim Jong Un’s All Purpose Sword: North Korean Cyber-Enabled Economic Warfare”, Foundation for Defense of Democracies.
Sam Kim, (2018) “Inside North Korea’s Hacker Army”, Bloomberg, 7 February 2018 Issue.
US Department of the Treasury Financial Crimes Enforcement Network (FinCEN), (2016) “Finding that the Democratic People’s Republic of Korea is a Jurisdiction of Primary Money Laundering Concern”, Federal Register, Vol. 81, No. 106, 2 June 2016.