In a new report, the United States Treasury Department revealed that North Korean criminals exploit loopholes in the decentralized finance (DeFi) space and exploit vulnerabilities to facilitate money laundering and hide criminal activities. The Treasury has also noted that most terrorist financing, money laundering, and proliferation financing occurred using fiat or outside the crypto ecosystem.

On April 6, 2023, the Treasury Department published an Illicit Finance Risk Assessment of Decentralised Finance (DeFi). The report claimed that many groups from North Korea are using DeFi to launder proceeds from crime. The report claimed that actors, thieves, ransomware cyber criminals, and scammers from North Korea gained from some DeFi platforms’ infringement by countering the Financing of Terrorism (CFT) and certain Anti-Money Laundering (AML) laws. According to the communication, there needs to be stronger AML/CFT controls for DeFi, and other shortcomings in DeFi services lead to the theft of funds.

Views on the matter

The Treasury’s undersecretary for terrorism and financial intelligence, Brian Nelson, said: “Illicit actors, including ransomware cybercriminals, thieves, scammers, and Democratic People’s Republic of Korea (DPRK) cyber actors, are using DeFi services in the process of transferring and laundering their illicit proceeds.” Nelson added, “Clearly, we can’t do this alone; we call on the private sector to use the findings of the risk assessment to inform your own risk-mitigation strategies.”

The 40-page report noted, “DeFi services at present often do not implement AML/CFT controls or other processes to identify customers, allowing layering of proceeds to take place instantaneously and pseudonymously, using long strings of alphanumeric characters rather than names or other personally identifying information.” The report also states that some DeFi projects intentionally lack AML/CFT controls of the primary goals of decentralization.

Experts from 7Bitcoins mentioned a footnote in the report that mentions ShapeShift’s 2021 transformation to a decentralized exchange to cease to collect customer information for AML/CFT compliance. The report said. “When these entities fail to register with the appropriate regulator, fail to establish and maintain sufficient AML/CFT controls or do not comply with sanctions obligations, criminals are more likely to exploit their services successfully, including to circumvent US and [United Nations] sanctions.”

Even though the assessment aims to “identify the scope of an issue,” the report recommends the US government strengthen its AML/CFT regulatory supervision and consider providing additional guidance for the private sector on compliance checks for DeFi services. The assessment furthers the work outlined in the executive order on virtual assets signed by President Joe Biden in March 2022. Other US government agencies have started investigating the potential impact of aspects of the virtual asset space on the United States financial system and existing payment infrastructure.

According to Nelson, this is the first of its kind in the world. He said, “DeFi can often pose challenges in trying to figure out the individuals behind the business activities. But he pointed out it doesn’t matter whether the services are centralized or decentralized when figuring out whether they’re covered by the Bank Secrecy Act.” Nelson concluded, “Even those that claim full decentralization can really engage in a wide range of activity that falls somewhere closer to traditional finance than they’re suggesting. In some ways, they’re really decentralized in name only.”

Previous cases

In September 2022, the Treasury published a report of crypto risks for consumers’ national security in response to US President Joe Biden’s Executive order. The report’s paragraph stated, “The potential for blockchain technology to transform the provision of financial services, as espoused by developers and proponents, has yet to materialize.” The report discussed the risks that cryptocurrencies pose to users and recommendations to guide and educate.

However, North Korean scamming groups, which account for many illicit cyber activities, have continually innovated and found new ways to steal crypto assets and launder those funds. In March 2023, Mandiant, a cyber-security firm, published a report claiming that APT43, alias Kimuski, acquired cloud mining services with its stolen capital to produce clean crypto with no blockchain-based connections law enforcement could trace. The report noted, “APT43 steals and launders enough cryptocurrency to buy operational infrastructure in a manner aligned with North Korea’s juche state ideology of self-reliance.”

On January 30, 2023, the White House released a statement that North Korean hackers had taken over $1 billion worth of crypto in the past two years. Pyongyang has used the capital to support its missile program. The statement noted, “It criticized weak cyber-security across the industry, and as an administration, the White House remains focused on ensuring cryptocurrencies cannot undermine financial stability, protecting investors and holding bad actors accountable.” The statement added, “The United States law enforcement agencies were increasing their resources to combat illicit activities involving digital assets.”

However, North Korea has repeatedly denied the accusation of hacking crypto or having any involvement in such criminal activities.

Byline: Hannah Parker