Whether it’s North Koreans hacking cryptocurrency exchanges, Iranians mining Bitcoin, or the Chinese and Russian governments launching their own digital currencies, the explosion in new forms of payment is creating a host of opportunities for countries to evade sanctions—and a giant headache for the Western powers who try to impose them.
The dollar’s global dominance and American control of many of the levers of the international financial system have for years enabled the U.S. to enforce compliance with sanctions on countries ranging from Iran, Venezuela and Syria, to Cuba, North Korea and Russia.
But the emergence of hard-to-trace cryptocurrencies and digital currencies being developed by central banks offers blacklisted countries and their financially shackled citizens tantalizing prospects to operate outside the traditional financial system.
Last autumn, the U.S. Department of Justice likened the crypto risk to a national security threat. “Individuals, companies, and rogue regimes may use cryptocurrency in an attempt to avoid the reach of economic sanctions imposed by the United States or other rule-of-law countries,” the DOJ’s cyber-digital task force said in a 52-page report.
“They should be concerned,” said Kayla Izenman, an expert on financial crime at the RUSI security thinktank in London. “It’s an area that is growing and not being met equally by regulation and compliance and law enforcement.”
The dark side of the crypto rally
The powerful recent rally in cryptocurrencies, which saw Bitcoin’s value more than quintuple in six months to hit a record high of $64,800 on April 14 before dropping back, will only encourage rogue states and criminals to get in on the act, some experts say.
“As we’ve entered another period where the price of cryptocurrencies is going up, that’s going to attract a range of different threat actors,” said Luke McNamara, principal analyst at cybersecurity specialist Mandiant Threat Intelligence. By way of example, he cited “criminal groups, the sort of North Korean clusters that we track, [and] groups that are doing things like crypto-mining where they install surreptitious pieces of software to run in the background on victim networks.”
“It becomes more attractive to various adversaries when there’s a massive run-up in price,” he said.
From Minsk to Moscow to Pyongyang
Sanctions have been in the news again this week as the West searched for ways to punish Belarus for forcing a Ryanair airliner to divert to Minsk so it could arrest journalist Roman Protasevich.
Ransomware gangs, which steal and encrypt companies’ data, and then demand millions of dollars in cryptocurrencies in exchange for a decryption key, are thought to operate from Russia and former Soviet republics, including Belarus, cybersecurity experts say. But they have seen no sign of Belarusian state involvement in using cryptocurrencies to evade sanctions.
The most audacious player exploiting the illicit use of cryptocurrencies is North Korea, which faces suffocating U.N.-backed sanctions over its nuclear and ballistic missile programs, leaving it chronically short of foreign currency.
A federal indictment unsealed in February charged three North Korean computer programmers with participating in a wide-ranging criminal conspiracy to steal or extort more than $1.3 billion of money and cryptocurrency from banks and other companies.
The U.S. government alleges that the three programmers—well out of the reach of U.S. justice in North Korea—belonged to North Korean military hacking units known as the Lazarus Group or Advanced Persistent Threat 38.
“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, have become the world’s leading bank robbers,” Assistant Attorney General John Demers told a news conference in February.
The indictment alleged that in 2017 and 2018, the North Korean hackers developed a digital token called Marine Chain, which was intended to trick investors into buying a stake in cargo ships, not knowing that they would be providing cash to North Korea.
“The Marine Chain token, supported by a blockchain, not only would have given the North Koreans a controlling interest in shipping vessels, it would allow them to obtain funds from abroad and skirt U.S. sanctions that were placed on the regime,” said Tracy Wilkison, acting U.S. Attorney for the Central District of California.
The indictment accused the North Korean hackers of stealing at least $100 million from cryptocurrency companies and of developing malicious cryptocurrency applications that gave them a backdoor into victims’ computers.
The U.S. has also accused the North Koreans of creating WannaCry ransomware, which caused worldwide disruption in 2017, and of carrying out a devastating 2014 hack of Sony Pictures in retaliation for a movie depicting the assassination of North Korean leader Kim Jong-un.
A 2019 report by a U.N. panel of experts said large-scale attacks against cryptocurrency exchanges allowed North Korea “to generate income in ways that are harder to trace and subject to less government oversight and regulation than the traditional banking sector.”
North Korean hackers, many operating under the direction of North Korean military intelligence, “raise money for the country’s weapons of mass destruction programs, with total proceeds to date estimated at up to $2 billion,” the report said.
“Big impact on their economy”
McNamara said that, for a small, isolated economy like North Korea’s, the sums involved are significant. “Even bringing in several hundred million would have a big impact on their economy,” he said.
In late 2019, the U.S. charged Virgil Griffith, an American cryptocurrency expert, with violating sanctions law by traveling to North Korea to give a presentation and technical advice on using cryptocurrency and blockchain technology to evade sanctions. Griffith has pleaded innocent, and the case is expected to go to trial later this year.
And then there’s Iran.
In 2018, the U.S. charged two Iranians with using SamSam ransomware to attack more than 200 victims, including hospitals and public agencies in the U.S., collecting over $6 million in ransom payments made in Bitcoin.
Iran, which operates under tough U.S. economic sanctions imposed over its nuclear program, has also become a significant player in Bitcoin mining.
Crypto-asset risk management firm Elliptic estimates that 4.5% of all Bitcoin mining takes place in Iran, allowing the country to circumvent trade embargoes and to earn hundreds of millions of dollars in cryptoassets that can be used to buy imports and bypass sanctions.
Huge amounts of electricity are needed to power the computers that solve complex math problems involved in Bitcoin mining—the process that verifies Bitcoin transactions and creates new Bitcoin.
The Tehran government, which has shown an ambivalent attitude towards cryptocurrencies, fearing they could encourage capital flight, announced a four-month ban on Bitcoin mining Wednesday following blackouts in some Iranian cities.
Digital rubles and digital yuan
U.S. cryptocurrency exchange Coinbase, which was initially valued at $76 billion when it listed on Nasdaq last month, outlined in its prospectus the safeguards it has put in place to prevent transactions by sanctioned states or individuals, including monitoring of IP addresses to identify prohibited jurisdictions or blockchain addresses. Coinbase said the U.S. Treasury’s Office of Foreign Assets Control (OFAC) was reviewing voluntary disclosures it had made about certain transactions.
“To date, none of those proceedings has resulted in a monetary penalty or other adverse action. However, if we were to be found to have violated sanctions … that could result in negative consequences for us,” it said, among other risk factors cited in the document.
Another potential threat to the United States’ ability to police international sanctions is the digital currencies that many central banks plan to launch in response to the growing popularity of cryptocurrencies and the switch to a cashless society. China handed out $30 of its new digital currency each to 50,000 Beijing residents in a pilot scheme in February, and Russia plans to launch a digital ruble in 2023.
Widespread adoption of central bank digital currencies could reduce the dollar’s domination, lessening the power of U.S. sanctions, RUSI’s Izenman wrote in a report this week.
“Russia’s central bank said that a digital ruble could help mitigate the risk of sanctions. Chinese state media claimed in 2020 that ‘sovereign digital currency provides a functional alternative to the dollar settlement system and blunts the impact of any sanctions’,” she wrote.
In 2018, then President Donald Trump signed an executive order barring U.S. citizens from using Venezuela’s planned digital currency, the Petro, which Trump said was aimed at circumventing U.S. sanctions.
U.S. authorities are aware of the challenge cryptocurrencies pose to enforcing sanctions and have responded to it.
In a report published last October, the Attorney General’s Cyber-Digital Task Force said “cryptocurrency presents a troubling new opportunity for individuals and rogue states to avoid international sanctions and to undermine traditional financial markets.”
Cryptocurrencies vary in their level of anonymity, the report said. While Bitcoin addresses do not have names attached to them, Bitcoin’s blockchain is public, so observers can follow dealings in Bitcoin to some extent. Other cryptocurrencies, such as Monero, Zcash, and Dash, are known as “privacy coins” because they use private blockchains that make it more difficult to trace transactions, the report said. It also detailed techniques that criminals use to make cryptocurrency transactions harder to trace.
The Justice Department had aggressively investigated “malign actors” who use cryptocurrencies to conceal their illicit activities, the report said. However, it was important for the Justice Department to work with other agencies and countries to strengthen enforcement and policies to stop criminals and terrorists from misusing cryptocurrencies, it said.
McNamara praised the U.S. government for releasing technical details on North Korean malware to help other network operators defend themselves against the threat.
“The same tools and tactics may be used against a cryptocurrency exchange in South Korea one day and a university in the United States the next. Intelligence sharing is very important. Continuing that is one way to help make it more difficult for them to carry out these sorts of operations,” he said.