Financial Crime World

North Korean Cybercriminals Evade Cryptocurrency Crackdown with Mixer Technology

North Korean hackers have employed mixing services, or “mixers,” to evade detection and launder billions of dollars in cryptocurrency acquired through illicit schemes since the mid-2010s. This tactic has been highly effective in financing the Kim regime’s nuclear weapons and ballistic missile programs and circumventing international sanctions.

Effectiveness of Mixer Technology

According to a new report by the Royal United Services Institute, North Korean cybercriminals laundered around $1 billion through Tornado Cash alone in 2022. This makes up 30% of all funds that sanctioned entities passed through mixers that year.

As part of international efforts to counter this evolving threat, several mixers have been taken down since early 2022. These efforts, led by the US, have dismantled platforms like Blender and Tornado Cash. However, replacements have emerged quickly with stronger privacy features.

Shifting Threats, Ongoing Challenges

North Korean hackers have merely shifted their activities in response to the crackdowns and continue to operate with relative impunity. In 2022, they were responsible for 30% of all funds that sanctioned entities passed through mixers.

Combating the Threat

To counteract this evolving threat, experts recommend that authorities consider implementing regulations targeted at mixing transactions as a class and investing in the development of compliant anonymity-enhancing technologies.

A Long History of Criminal Pursuits

North Korea’s involvement in digital illicit finance marks a new chapter in the country’s long history of creative criminal pursuits. As early as the late 1900s, DPRK actors gained notoriety as some of the world’s leading traffickers of arms, narcotics, and counterfeit bills.

In 2016, North Korean hackers managed to defraud the Bangladesh Bank of $80 million using sophisticated cyberattacks.

Turning to Digital Assets

More recently, North Korean actors have turned to digital assets, which have quickly emerged as a lucrative field noted for its rapid growth, lax regulation, and ambivalent stance toward government. This combination makes it particularly attractive to highly motivated North Korean cybercriminals.

Since 2019, these criminals have managed to steal over $3 billion in cryptocurrency. The most significant heist occurred in spring 2022, when North Korean actors deceived an employee of the blockchain gaming company Sky Mavis, gained access to internal systems, and extracted $625 million from the Axie Infinity game and the Ronin Network.

The Role of Mixers in Virtual Asset Laundering

Mixers have played a significant role in North Korean actors' virtual asset laundering process. They enable the actors to disguise the criminal origin of stolen funds by blending their transactions into a larger pool, which makes it more difficult for investigators to trace the illicit proceeds.

Adapting to the Cat-and-Mouse Game

While crackdowns on these services have proven effective in disrupting some operations, the services' resilience and the emergence of new alternatives remain a challenge. As of late 2023, Tornado Cash was processing 80% less volume than before its designation, but its resilience to disruption continues to pose challenges.

International Collaboration and Innovation

International efforts to counter North Korea’s digital illicit finance activities are noteworthy and should be continued and adapted as needed. Collaboration and innovation among law enforcement agencies and the private sector will be crucial in staying one step ahead of evolving criminal tactics.