Here’s how North Korea uses cryptocurrency to evade sanctions
North Korea has a bit more scope and need than the everyday dark web retailer.
Washington-based Lourdes Miranda and Ross Delston recently submitted to the Asia Times a joint explanation of how exactly North Korea (DPRK) is using cryptocurrency to launder funds.
Miranda is an independent financial intelligence analyst and financial crimes investigator who specialises in intelligence collection and analysis. Delston is an independent attorney and expert witness who specialises in anti-money laundering and terrorism financing compliance.
Both said it was likely that Pyongyang is increasingly leaning on cryptocurrency, and gave a step by step breakdown of what exactly that looks like.
Crypto to cash
It starts at cryptocurrency, they say. North Korea is acquiring these in various ways, including through its own mining farms, cryptojacking initiatives, masternodes or even getting behind new projects. When asked whether North Korea could create their own blockchain to manipulate their own public record of transactions, the pair said yes.
"DPRK can create their own cryptocurrencies or use established ones like Bitcoin. Having their own cryptocurrency would also facilitate their ability to open online accounts under the guise of a non-adversarial nation using anonymous communication to conceal the user’s locations and usage on the internet," they explained. It could even create its own wallet services rather than rely on the risk of needing to use others, to ensure it retains as complete control of funds as possible.
The hard part might be anonymously converting that cryptocurrency into more useful and spendable fiat, with a process that spans different continents and cryptocurrencies, as an example of what large scale digital money laundering looks like in the cryptocurrency age.
Around the world
"Wallets create both public and private keys for security and privacy purposes," they said. "For example, DPRK could open an online wallet using a Russia-based service, transfer its cryptocurrency into a Bulgaria-based wallet service and then transfer it again into a Greece-based wallet service, all through anonymous communication and using their own blockchain."
Note: While it may seem like something has been lost in translation, given that soft wallets don't really have a physical location per se, and anyone can download any wallet from anywhere, this probably refers to North Korea's likely use of VPNs or soft wallets opened and used by people in other countries, to avoid triggering flags when sending funds to an exchange in later steps. VPN providers themselves may cooperate with authorities, and North Korea might prefer to avoid that risk.
North Korea has two goals in mind when sending funds around the world, they say.
The first is to have people on the ground in other countries, or perhaps VPNs, to handle funds on behalf of North Korea. It typically uses European-based intermediaries as a bridge, they say.
"To avoid AML/CFT scrutiny from European financial institutions that have US correspondent banking relationships, DPRK could hire people to act as nominees who have legitimate PII (personally identifiable information) to open wallets to receive, store and transfer DPRK-disguised crypto-currency," they said.
The other goal is to use various mixing services. The intensity of mixing will often vary, Mirana and Delston say, depending on the volume and importance of each batch of funds.
"Once the DPRK miners transfer the crypto-currencies into multiple European wallets that appear to come from legitimate sources, the money laundering can begin by mixing, shifting and exchanging crypto-currency into US financial institutions."
The challenges and risks associated with moving funds through multiple exchanges, coupled with a preference for keeping funds as bitcoin, see the DPRK using a variety of mixers and tumblers.
"DPRK could transfer its crypto-currency from multiple European-based wallets and use multiple mixing services in order to purchase Bitcoin – the most popular and legitimate cryptocurrency. Then, using other mixing services, DPRK could split their Bitcoin and transfer them into multiple mixing services, breaking the linear pattern of transactions on the blockchain while remaining in the same cryptocurrency type – Bitcoin."
"A mixer is also known as a Laundry, Tumbler and a Washer. An example of mixing is sending cryptocurrency and receiving the same cryptocurrency type back. It is equivalent to requesting change for a $100 and receiving different denominations in return totaling a $100."
In this case, exchanges seem to be referred to as shifting services.
"Once DPRK split its Bitcoin using multiple international mixing services, it could use shifting services to convert its Bitcoin into another popular crypto-currency such as Ethereum and/or Litecoin to break the linear pattern of transactions on the blockchain to obscure the origin of funds," they said.
"Most shifting services do not offer fiat currency conversion – fiat currency is any money declared by a government to be legal tender – and many do not have PII requirements, therefore, DPRK would need to find exchanges that will convert their cryptocurrencies into fiat currencies."
This is the hard and risky part, where criminals often trip up, trying to convert crypto back to fiat.
"Once DPRK mixes and shifts its cryptocurrency, then the final and most important stage of the money laundering cycle is reached – integration – by sending its crypto-currency into exchanger accounts that have the capability of converting crypto-currencies into fiat currencies," they said.
"This is an excellent opportunity for cryptocurrencies that originated – or were mined – in the DPRK, then split and transferred into multiple European wallets to then find their way to European exchanges that have US correspondent banking relationships with a US bank."
At this point, the crypto is sold for fiat and withdrawn in US dollars.
"Voilà, the DPRK now has US dollars with none of those pesky sanctions attached."
Miranda and Delston suggest that paid intermediaries are similarly doing these conversions, creating accounts on fiat exchanges and selling the crypto. The scope of North Korea's cyptocurrency operations are unclear, but previous estimates have said as much as $200 million to date.
The main obstacle for criminals, in both the crypto to fiat and the fiat to crypto directions, is licensed AMKL/KYC compliant exchanges.
As such, the main challenges coming up for tackling dark money might be the ongoing rise of decentralised exchanges and privacy coins, which help eliminate the need for tumblers and mixers, and rising acceptance of cryptocurrency as a payment method in itself.
Disclosure: At the time of writing the author holds ETH, IOTA, ICX, VET, XLM, BTC, ADA