Skip to main content Skip to navigation

State of Financial Crime 2023 Report

North Korea And Cryptocurrency: What You Need To Know

Sanctions Crypto Knowledge & Training

North Korea & Cryptocurrency: What You Need To Know

The Democratic People’s Republic of North Korea (DPRK) has a well-documented history of conducting illegal financial activities in order to circumvent the heavy sanctions that are imposed against its totalitarian government. Those activities generate revenue which is primarily used to shore up the country’s military strength, including the expansion of its nuclear weapons program. As economic sanctions in North Korea have taken effect, the government has been forced to develop more sophisticated ways to generate illegal revenue, including the use of cyber-attacks to steal money from financial institutions around the world. 

Most recently, North Korea has turned to cryptocurrency service providers as a way to evade sanctions restrictions and to launder funds generated from its ongoing illegal financial activities. North Korea has also targeted cryptocurrency exchanges with a range of state-sponsored cyber-attacks in order to steal billions of dollars in tokens. In response to the threat posed by North Korea’s cyber activities, governments and international organizations, including the United Nations, are increasing their focus on economic sanctions on North Korea that target cryptocurrencies and cryptocurrency service providers.  Monument in DPRK: North Korea Cryptocurrency SanctionsAccordingly, financial institutions should understand how North Korea uses cryptocurrencies to acquire and launder illegal funds, and be aware of their regulatory responsibilities under sanctions relating to cryptocurrency and North Korea. 

Cyber-Attacks and Cryptocurrency: North Korea’s Criminal Methodologies

The US Department of Justice estimates that North Korea has used cyber-attacks to illegally acquire over $1.3 billion since 2016, and has seen it increasingly target cryptocurrencies as part of its methodologies. By focusing on cryptocurrency, North Korea exploits the anonymity and speed of digital transactions and the regulatory disparities between jurisdictions across the world. North Korea uses a range of state-sponsored criminal strategies against cryptocurrency service providers, including:

  • Malicious cryptocurrency apps
  • Hacking attacks
  • Ransomware attacks
  • Spear phishing emails
  • Fraudulent Initial Coin Offerings (ICO)

After successfully acquiring cryptocurrency assets via criminal actions, North Korean hackers seek to launder them through cryptocurrency exchange services with poor AML controls and often take advantage of mixing services that further obscure the origin of the illegally-obtained funds. The speed of cryptocurrency transactions means that hackers can transfer funds between accounts in a matter of seconds, often outpacing the capabilities of AML teams and authorities to trace the thefts and reverse the transactions. 

Unlike cyber-criminals operating in other jurisdictions, North Korean cryptocurrency hackers do not generally have to fear the scrutiny of domestic regulatory authorities or the consequences of subsequent AML investigations. Instead, those actors are actively supported by their government and effectively need only to overcome the cybersecurity measures put in place by owners or by service providers to protect targeted assets.  

Examples of North Korea Cryptocurrency Attacks

Although often difficult to attribute, North Korea’s cyber-attacks are highly lucrative. Recent examples of high profile North Korea cryptocurrency cyber-attacks include:

  • The theft of $31.6 million form South Korean crypto exchange Bithumb in 2017. 
  • A spear-phishing campaign against users of the South Korean crypto exchange Youbit in 2017 which claimed 17% of its Bitcoin assets. 
  • The theft of $250 million in virtual currency after the hacking of two US cryptocurrency exchanges in 2018. 
  • The theft of $281 million of cryptocurrency in the hack of the KuCoin exchange in 2020. 

While South Korea is a major target, North Korean cyber-attacks are global. A recent UN report revealed that North Korean attacks targeting cryptocurrency service providers around the world generated around $316.4 million between 2019 and 2020 to fund its nuclear weapons program. 

Cryptocurrency Sanctions Against North Korea

Given the nature of North Korea’s state-sponsored cybercrime programs, international governments and authorities often struggle to punish individuals responsible and instead rely on sanctions to deter further attacks. 

What are the UN’s sanctions against North Korea?

UN sanctions on North Korea have been in place since 2006 as a response to its ongoing nuclear and ballistic missile programs. The economic sanctions have been adjusted and strengthened since their introduction, with the most recent being Security Council Resolution 2397, which was implemented in December 2017. 

The sanctions require UN member-states to prohibit trade with North Korean persons in order to prevent the North Korean government from funding its nuclear ambitions. Although it does not have any dedicated North Korea cryptocurrency sanctions, the UN has emphasized that its Resolutions require member-states to avoid facilitating “financial transactions, technical training, advice, services or assistance” that might contribute to North Korea’s sanctions evasion efforts. In practice, this means that member-states must ensure that North Korea does not use their financial institutions to launder illegal cryptocurrency assets, and must put suitable sanctions screening measures in place in order to do so. 

What are the OFAC sanctions against North Korea?

In addition to UN sanctions, the US also imposes autonomous sanctions against North Korea which are enforced by the Treasury Department’s Office of Foreign Assets Control (OFAC). Covering a broad range of targets, OFAC North Korea sanctions prohibit trade, investment, transactions, and the facilitation of transactions, with persons in North Korea. Like the UN program, this means that US financial institutions must screen their customers’ cryptocurrency transactions against the relevant sanctions lists.  

The US is increasing its focus on the enforcement of North Korea cryptocurrency-related sanctions violations:

  • In 2020, OFAC imposed sanctions against Chinese citizens Tian Yinyin and Li Jiadong for aiding North Korean cybercriminals and issued orders to seize funds from cryptocurrency addresses that the pair held. 
  • In November 2020, the US Department of Justice arrested US citizen, Virgil Griffith, for sanctions violations after he travelled to North Korea to present at a cryptocurrency conference. Under US law, Griffith faces up to 20 years in jail. 
  • In February 2021, the Justice Department charged three North Korean military officials with a range of cryptocurrency offences, including the creation of a fake crypto token known as the ‘Marine Chain Token’. 

How to Comply With North Korea Cryptocurrency Sanctions

Sanctions compliance should be a priority for all financial institutions but in the cryptocurrency space, it is even more important that firms establish and verify the identities of their customers in order to screen them accurately against the relevant sanctions lists. Effective sanctions screening means implementing a software solution capable of capturing the relevant data quickly and accurately while minimizing false positive identifications. 

Important considerations for screening cryptocurrency transactions that may involve North Korean sanctions targets include:

  • Staying up to date with the latest North Korea sanctions designations by checking relevant sanctions lists, such as the UNSC Consolidated List, the OFAC sanctions list, and the UK sanctions list.
  • Accounting for non-Western naming conventions, the use of aliases, and names that use non-Latinate characters. 
  • Screening for politically exposed persons (PEP) that may present a higher risk of being involved in North Korean state-sponsored cybercrimes.
  • Monitoring for adverse media stories that may indicate customers are involved in cybercrimes linked to the North Korean government. 

Learn More

To learn more about sanctions around the world, view our latest report.

View Global Sanctions Guide

Originally published 27 May 2021, updated 06 May 2022

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2023 IVXS UK Limited (trading as ComplyAdvantage).