The U.S. Department of Justice arrested Virgil Griffith, an American cryptocurrency developer, last week on charges of helping the North Korean regime evade sanctions by using blockchain technology and cryptocurrencies. As working-level talks stall and tensions stir between Washington and Pyongyang, Griffith’s arrest is a reminder that the Kim regime continues to improve its cyber capabilities in order to support its nuclear weapons program, offset U.S. sanctions, and diversify its asymmetric arsenal.
Griffith, a U.S. citizen living in Singapore, allegedly traveled to North Korea in April to present at the DPRK Cryptocurrency Conference. The topic of his presentation, according to the Justice Department, was “the potential money laundering and sanctions evasion applications of cryptocurrency and blockchain technologies.” The indictment charges Griffith with violating the International Emergency Economic Powers Act (IEEPA). The Justice Department’s criminal complaint also noted that Griffith violated the Treasury Department’s regulation forbidding U.S. citizens from exporting goods, services, or technology to North Korea without a license from the U.S. government.
Prior to Griffith’s case, the North Korean regime had already demonstrated a strong interest in exploiting cryptocurrencies to evade UN and U.S. sanctions. As early as 2016, North Korean cyber operatives began targeting cryptocurrency exchanges in South Korea. Since then, North Korea has hacked digital currency exchanges around the world. Most notably, North Korean hackers stole millions of dollars’ worth of cryptocurrencies from two of South Korea’s largest digital currency exchanges, YouBit and Bithumb, between 2017 and 2019.
In addition, cybersecurity firms, such as Recorded Future and AlienVault, have uncovered North Korean attempts to “mine” cryptocurrencies. Mining cryptocurrencies is one way to earn digital currencies legally and involves verifying cryptocurrency transactions of other users on the blockchain. While legal, the mining process requires an excessive amount of electricity and computational power – another example of North Korean leaders hoarding precious resources to fund the regime’s nuclear program.
Although North Korean cyber operatives have also used non-crypto tactics, such as fraudulent inter-bank transfer orders, to generate illicit funds to offset sanctions, Pyongyang has benefitted more by targeting cryptocurrency exchanges.
According to an August 2019 UN Panel of Experts report on North Korean sanctions evasion, North Korea stole approximately $157 million from cryptocurrency exchanges, compared to $137 million from regular banks. Although Pyongyang stole only $20 million more through crypto-related thefts, the report showed that these operations enjoyed a 79 percent success rate, compared to North Korea’s 24 percent success rate when stealing from regular banks.
These trends, as well as the Griffith case, suggest that the North Korean regime seeks to develop new ways to leverage cryptocurrencies due to the higher rate of return and lax security.
The Kim regime’s sponsorship of the DPRK Cryptocurrency Conference reveals North Korea’s strategy towards the United States and its allies: Use military provocations to pressure Washington to accede to Pyongyang’s demands, while building new technological capabilities to evade and weather U.S. and UN economic pressure.
In addition to targeting individual North Korean hackers and coordinated groups of hackers that conduct more complex cyber operations – commonly known as Advanced Persistent Threat groups – the U.S. government should continue investigating non-North Korean individuals and entities helping Pyongyang enhance its sanctions evasion and resistance capabilities. Treasury’s Financial Crimes Enforcement Network should also continue subjecting cryptocurrency exchanges to the same anti-money laundering standards to which it holds money service businesses, thereby undercutting the regime’s ability to engage in illicit financial activities in the cryptocurrency space.
Mathew Ha is a research associate at the Foundation for the Defense of Democracies (FDD), where Trevor Logan is a cyber research associate. They both contribute to FDD’s Center on Cyber and Technology Innovation (CCTI) and Center on Economic and Financial Power (CEFP). FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.