· 2 min read

US Treasury Report: North Korea and Scammers Using DeFi to Launder Dirty Money – Regulation Incoming?

Source: Vchalup/Adobe

The US Treasury has revealed that North Korean hackers and scammers exploit loopholes in the decentralized finance (DeFi) space to launder money and hide criminal activity.

In a Thursday report, the federal agency claimed that North Korean hackers and other groups engaged in illicit activity have benefited from the non-compliance of some DeFi platforms with certain Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) regulations.

The report added that weak or non-existent AML/CFT controls for DeFi services in other jurisdictions, as well as poor cybersecurity controls by DeFi services, lead to the theft of funds.

"The assessment finds that illicit actors, including ransomware cybercriminals, thieves, scammers, and Democratic People’s Republic of Korea (DPRK) cyber actors, are using DeFi services in the process of transferring and laundering their illicit proceeds."

The 40-page report further noted that “DeFi services at present often do not implement AML/CFT controls or other processes to identify customers, allowing layering of proceeds to take place instantaneously and pseudonymously.”

The report found that some DeFi projects intentionally lack AML/CFT controls as part of their decentralization goals. 

However, the Treasury stated that "most money laundering, terrorist financing, and proliferation financing by volume and value of transactions" occur in fiat currency or outside the digital asset ecosystem. 

Officials recommend increasing regulatory oversight of AML/CFT for DeFi platforms and addressing any regulatory gaps. 

The latest report is in line with President Biden's executive order on digital assets, which was signed in March last year with the ultimate aim of promoting the responsible development of digital assets. 

The Treasury's Brian Nelson noted that DeFi presents challenges for identifying individuals behind business activities, but emphasized that both centralized and decentralized services are subject to the Bank Secrecy Act. 

He also suggested that some DeFi activity may be closer to traditional finance than claimed. “In some ways, they're really decentralized in name only,” he said.

North Korean Hackers Continue to Find New Ways

North Korean hacking groups, which account for a huge portion of illicit cyber activities, have been continually innovating and finding new ways to steal crypto assets and launder those funds. 

Just recently, a report by Google-owned cybersecurity firm Mandiant noted that Pyongyang-based hacking group APT43, also known as Kimuski, buys cloud mining services with its stolen funds to produce clean crypto with no blockchain-based connections for law enforcement to trace.

“APT43 steals and launders enough cryptocurrency to buy operational infrastructure in a manner aligned with North Korea’s juche state ideology of self-reliance," the report claimed.

Earlier this year, the White House said that North Korean hackers had stolen more than $1 billion worth of crypto in the past two years, adding that Pyongyang has used the funds to support its missile program.

The US government has also claimed that the North Korean hacking group Lazarus was responsible for the hack of Axie Infinity's Ronin blockchain that saw hackers make off with about $625 million worth of Ethereum and USDC.

However, North Korea has repeatedly denied that it seeks to hack crypto and has refuted accusations surrounding the Lazarus group, which has previously been accused of masterminding the 2014 hack of Sony Pictures and the 2017 Wannacry ransomware attacks.