North Korea successfully using cryptos to evade US sanctions
Two Washington-based financial intelligence analysts explain how Pyongyang is avoiding global banking laws to turn its crypto-currency into dollars
North Korea is increasingly using crypto-currencies to successfully circumvent US sanctions, according to two Washington-based experts.
Lourdes Miranda, an independent financial intelligence analyst and a financial crimes investigator who specializes in intelligence collection and analysis, and Ross Delston, an independent Washington-based attorney and expert witness who specializes in anti-money laundering and combating the financing of terrorism (AML/CFT) compliance matters, said it was also likely that Pyongyang was both trading with established crypto-currencies and also creating its own.
“International criminals everywhere prefer crypto-currencies and the DPRK is no exception. Crypto-currencies have the added advantage to the DPRK of giving them more ways to circumvent US sanctions. They can do so by using multiple international exchangers, mixing and shifting services – mirroring the money laundering cycle – to exploit international financial institutions that have correspondent banking relationships with the United States,” the pair said in a joint written response to Asia Times questions.
“DPRK can create their own crypto-currencies or use established ones like Bitcoin. Having their own crypto-currency would also facilitate their ability to open online accounts under the guise of a non-adversarial nation using anonymous communication to conceal the user’s locations and usage on the internet,” they added.
Is it possible that DPRK as part of creating its own crypto-currency could create its own blockchain to manipulate their own public record of transactions? Yes, the pair said, and this would be done in order “to appear that transactions are coming from legitimate sources.”
Taking this one step further, Miranda and Delston made it clear that the DPRK could create its own online wallet services – virtual bank accounts – that store, receive and send crypto-currencies into European online wallets that have limited or no Personally Identifiable Information (PII) requirements and/or do not have US sanctions imposed against them.
“Wallets create both public and private keys for security and privacy purposes,” they said. “For example, DPRK could open an online wallet using a Russia-based service, transfer its crypto-currency into a Bulgaria-based wallet service and then transfer it again into a Greece-based wallet service, all through anonymous communication and using their own blockchain.”
The pair say there are two objectives here.
“(First, in order to) avoid AML/CFT scrutiny from European financial institutions that have US correspondent banking relationships, DPRK could hire people to act as nominees who have legitimate PII to open wallets to receive, store and transfer DPRK-disguised crypto-currency,” they said.
“(Second) once the DPRK miners transfer the crypto-currencies into multiple European wallets that appear to come from legitimate sources, the money laundering can begin by mixing, shifting and exchanging crypto-currency into US financial institutions.”
The complexity of the process of mixing and shifting services can vary considerably depending upon the circumstances, and, the relative value and strategic importance of the transactions in question.
“To obscure the origin of DPRK-mined crypto-currencies, DPRK could transfer its crypto-currency from multiple European-based wallets and use multiple mixing services in order to purchase Bitcoin – the most popular and legitimate crypto-currency. Then, using other mixing services, DPRK could split their Bitcoin and transfer them into multiple mixing services, breaking the linear pattern of transactions on the blockchain while remaining in the same crypto-currency type – Bitcoin,” they said.
“A mixer is also known as a Laundry, Tumbler and a Washer. An example of mixing is sending crypto-currency and receiving the same crypto-currency type back. It is equivalent to requesting change for a $100 and receiving different denominations in return totaling a $100.”
Having the ability to conceal the origin of the funds is an extremely important dimension of the DPRK’s activities in this instance.
“Once DPRK split its Bitcoin using multiple international mixing services, it could use shifting services to convert its Bitcoin into another popular crypto-currency such as Ethereum and/or Litecoin to break the linear pattern of transactions on the blockchain to obscure the origin of funds,” they said.
“Most shifting services do not offer fiat currency conversion – fiat currency is any money declared by a government to be legal tender – and many do not have PII requirements, therefore, DPRK would need to find exchanges that will convert their crypto-currencies into fiat currencies.”
And this is all about making the successful exchange of crypto into fiat currencies, and doing so undetected. You can call it integration or the insertion of the virtual currency flow into the mainstream economy.
“Once DPRK mixes and shifts its crypto-currency, then the final and most important stage of the money laundering cycle is reached – integration – by sending its crypto-currency into exchanger accounts that have the capability of converting crypto-currencies into fiat currencies,” they said.
“This is an excellent opportunity for crypto-currencies that originated – or were ‘mined’ – in the DPRK, then split and transferred into multiple European wallets to then find their way to European exchanges that have US correspondent banking relationships with a US bank.
“Voilà, the DPRK now has US dollars with none of those pesky sanctions attached,” said the pair.
This year there has been a concerted ramping up of resources by the US devoted to tracking and defeating this activity. A number of experts including Priscilla Moriuchi, a former top National Security Agency official charged with overseeing cyber threats from East Asia, have come forward to try and highlight the scope, scale and impact of the DPRK’s expanding crypto campaign.
Moriuchi, who is now with the digital intelligence firm Recorded Future, told the Vox in February that the DPRK could be earning as much as $200 million for its nuclear and ballistic missile programs via its crypto-currency channels.
While she identified a network of operational bases created by the DPRK to support this activity in several countries, possibly including China, India, Malaysia and the Philippines, she also said that much more detailed intelligence gathering was required to identify the locations of these bases let alone identify key operational personnel.
She added that the scale of the DPRK’s crypto-currency operation was unknown as of early 2018.