Upholding North Korea Sanctions in the Age of Decentralised Finance

North Korean actors have stolen billions of dollars over the past decade as part of a massive campaign to generate illicit revenue through cybercrime. In recent years, they have devoted particular effort to stealing virtual assets. The proceeds of these operations help fund the Kim regime’s ballistic missile programme and the development of more robust cyber capabilities, among other initiatives. North Korea’s cyber-criminal activities undermine UN sanctions and represent a distinct threat to international security.

A US-led coalition has responded to North Korea’s exploitation of cryptocurrency by prioritising enforcement against the virtual asset platforms that facilitate money laundering, especially mixing services. Mixers enable users to obfuscate the origins of their cryptocurrency funds by commingling them in a large pool with other users’ assets. Recognising the key role non-compliant mixers such as Tornado Cash have played in North Korea’s cyber-criminal enterprise, US authorities and international partners have launched an aggressive crackdown. Authorities have supplemented their primary enforcement tools – sanctions and platform takedowns – with asset seizures, arrests and the adoption of new laws and regulatory measures. Over the past few months, governments have experimented with novel approaches to combating digital illicit finance, such as the possibility of designating all mixer transactions as suspicious by default.

This paper forms part of a series of research projects funded by the US Department of State to understand and mitigate obstacles to UN sanctions implementation. It aims to examine cryptocurrency mixers’ distinct technical, legal and regulatory dimensions and the challenges they pose to the sanctions regime. The paper provides detailed background information on North Korea’s cyber-criminal statecraft, focusing on North Korean actors’ use of mixers to launder illicitly obtained cryptocurrency. It takes stock of the government response to date, concluding that while actions against non-compliant virtual asset platforms have been effective individually, the campaign’s overall impact on North Korea’s laundering capacity has been limited. It also seeks to grapple with the unintended consequences of interventions, some of which have yet to manifest fully.

The paper offers 14 recommendations for policymakers and practitioners. The first cluster includes suggestions for broadening the current approach to countering North Korean mixer exploitation through unconventional partnerships and new conceptual frameworks. It advocates for empowering the disparate teams fighting cross-cutting North Korean cyber threats to collaborate more closely, and for expanding consideration of the second- and third-order marketplace effects enforcement actions may trigger. The next cluster focuses on cultivating stronger cooperative relations with the private sector. These recommendations emphasise nurturing the development of compliant blockchain privacy alternatives and tailoring government communications to the idiosyncratic virtual asset industry audience. The final cluster of recommendations focuses on raising global cyber security and anti-money laundering and counterterrorist finance standards. Achieving wider implementation of current best practices, with an eye toward augmenting them in light of emerging digital illicit finance risks, would substantially degrade North Korea’s ability to monetise cybercrime.