Compliance Harmony: How North Korean Cryptocurrency Abuse Is Expanding


Main Image Credit Growing threat: North Korea has been increasing its exploitation of cryptocurrencies. Image: ink drop/ Adobe Stock


Countries must secure new and emerging gateways that are used to circumvent sanctions, as North Korea’s exploitation of cryptocurrency continues.

Blockchain analytics companies are identifying potential links between North Korea and the Harmony Bridge Exploit that occurred in June 2022. In this cyber attack, hackers stole $100 million worth of cryptocurrency, and began transferring funds in a similar manner to North Korea’s approach following the Ronin Bridge hack in March 2022. This latest attack reinforces the need for countries to monitor the rise of new cryptocurrency gateways that allow North Korea to circumvent sanctions and finance its nuclear weapons programme.

Cryptocurrency use is growing in non-banking sectors, known as Designated Non-Financial Businesses and Professions (DNFBPs) by the Financial Action Task Force (FATF), the global financial crime watchdog. Poorly regulated professions including real estate agents, luxury goods vendors, and the casino and gambling sectors find themselves increasingly exposed to crypto-based proliferation financing risks.

High-Risk Sectors and the Role of Crypto

Alongside thoroughbred horses and Mercedes-Benz, Kim Jong-un is also a fan of mega yachts, highlighted by a recent trip to a secluded island off North Korea’s coast onboard his UK-made multi-million dollar boat. His possession of this yacht indicates a flagrant evasion of sanctions as yachts are categorised as luxury goods, prohibited by the UN for export and import by North Korea. The regime values these effects beyond their material benefit, as luxury goods can be re-sold abroad to generate revenue for nuclear weapons. The increasing use of cryptocurrency to purchase luxury goods poses financial and security risks globally. First, using cryptocurrency to purchase luxury items is likely to attract less attention from the traditional financial sector. Luxury purchases, typically flagged as unsuspicious, are less likely to generate an alert as a potential link to North Korea. Second, by reselling items purchased with crypto for fiat currency, North Korea maintains its hard currency reserves.

Real estate is also a sector from which North Korea has profited. Recent UN Panel of Experts reports highlight how North Korean embassy staff lease commercial and residential properties in return for rental income. Previous cases of this in Paris, Rome and Warsaw indicate this activity generates funds for the regime, with diplomats using methods ranging from rerouting transactions to carrying large sums of cash across borders in diplomatic bags, destined for North Korea. Recognising the role played by North Korean diplomats in raising funds for the state’s nuclear programme, in 2017 the UN limited the number of bank accounts per North Korean embassy to one, in an attempt to restrict access to the financial system. Limiting bank accounts may no longer be enough, though. Cryptocurrencies present an emerging vector by which to lease or purchase property. This risk can be exacerbated when real estate agents are not aware of cryptocurrency-focused proliferation finance typologies.

quote
Luxury purchases, typically flagged as unsuspicious, are less likely to generate an alert as a potential link to North Korea

Finally, the use of casinos and the gambling sector by North Korea to launder and move funds is well-known, following the Bangladesh Bank Heist. In 2016, the regime exploited two casinos in the Philippines to launder $50 million of the total $81 million stolen.  The increasing ability to use cryptocurrency at casinos that accept both fiat currency and cryptocurrencies, alongside providing services that allow the user to facilitate bank transfers, offers a prime opportunity for North Korea. If proper crypto-specific monitoring is not carried out by casinos, the sanctioned state actor can launder the proceeds of its growing cryptocurrency-based fundraising activity and use them for further illicit purposes.

Although global compliance requirements set by the FATF are in place if these sectors use a cryptocurrency payment processor to facilitate transactions – known as a Virtual Asset Service Provider (VASP) by the FATF – compliance standards among VASPs vary widely, and plenty of vulnerabilities remain.

What Needs to be Done?

At this point, luxury goods dealers, real estate agents and casinos that engage in cryptocurrency activity are already required to report cryptocurrency transactions that exceed $1,000 according to  FATF due diligence and keep detailed transaction records. However, further risk mitigation strategies need to be taken by both governments and their DNFBP sectors.

Proliferation financing risks and activity in the DNFBP-crypto nexus need to be assessed to understand the vulnerabilities posed by these sectors. The extent that this occurs will vary by jurisdiction, based on the adoption rate and use of cryptocurrency. Importantly, countries should understand that this activity can occur even if there is a domestic ban on cryptocurrency, and they would do well to conduct a risk assessment to understand potential areas of exposure.

quote
The increasing ability to use cryptocurrency at casinos that also allow the user to facilitate bank transfers offers a prime opportunity for North Korea

Once these are identified, DNFBPs can establish effective compliance and risk mitigation strategies to restrict North Korean proliferation financing activities. These measures should involve reviewing previous transactions linked to incoming funds through open source blockchain tracing platforms. Another important compliance step is cross-checking with the US sanctions list of North Korean cryptocurrency addresses to ensure that the incoming funds do not link back to these designations. In the best-case scenario, DNFBPs should increase their understanding of cryptocurrency-centred proliferation financing red flag typologies that North Korea is known to favour. If these flags are identified, a report needs to be filed and submitted to the relevant unit in charge of investigations.

Recognising the limited counterproliferation capacities of DNFBPs beyond complying with UN sanctions and FATF Recommendations, government-led awareness raising is key. To do this, governments need to lead trainings and discussions with the DNFBP and cryptocurrency sectors. These actions can aid in enhancing knowledge on how North Korea operates outside of the scope of FATF customer due diligence standards and evades typical red flags. Along with trainings and discussions, governments should identify sectors that provide cryptocurrency services and register and license them accordingly. Luxury goods dealers, real estate agents and casinos should be subject to a higher level of supervision if cryptocurrency services are provided.

North Korea will continue to exploit the cryptocurrency ecosystem until regulatory gaps are addressed. To combat the multifaceted landscape of proliferation financing, understanding these risks and implementing mitigation strategies in the DNFBP sector is central to public and private sector efforts to counter financial crime.

The views expressed in this Commentary are the authors’, and do not represent those of RUSI or any other institution.

Have an idea for a Commentary you’d like to write for us? Send a short pitch to commentaries@rusi.org and we’ll get back to you if it fits into our research interests. Full guidelines for contributors can be found here.


WRITTEN BY

Sasha Erskine

Research Analyst

Centre for Financial Crime and Security Studies

View profile

Allison Owen

Research Analyst

Centre for Financial Crime and Security Studies

View profile



Explore our related content