August 04, 2023

Van Hollen, Warren, Kaine Call on Treasury to Crack Down on North Korea Crypto Threats

North Korea Uses Crypto to Steal and Launder Billions to Fund Illicit Weapons Program

U.S. Senators Chris Van Hollen (D-Md.), a member of the Senate Banking, Housing, and Urban Affairs and Foreign Relations Committees, Elizabeth Warren (D-Mass), a member of the Senate Armed Services and Banking, Housing, and Urban Affairs Committees, and Tim Kaine (D-Va.), a member of the Senate Armed Services and Foreign Relations Committees sent a letter to Brian Nelson, Under Secretary for Terrorism and Financial Intelligence at the U.S. Department of the Treasury (Treasury) and National Security Advisor Jake Sullivan, expressing concerns about North Korea’s use of crypto to circumvent international sanctions and fund its illegal weapons programs. The senators are asking Treasury to provide details about its plans to address North Korea’s use of crypto to evade sanctions and fill its coffers. 

“According to recent comments by White House Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger, ‘(a)bout half of North Korea’s missile program has been funded by cyberattacks and cryptocurrency theft,’ and the country’s misuse of these tactics is increasing. Given the pressing nature of this threat, we ask the Administration to provide details on its plan to stop North Korea and its ‘digital bank-robbing army’ from using digital assets ‘to evade harsh sanctions and support its ambitions to project geopolitical power through nuclear weapons and ballistic missiles,’” wrote the senators. 

Treasury, the Department of Justice, and other national security experts have long noted North Korea’s dependence on attacks on crypto exchanges and users as well as mining crypto to skirt international sanctions and raise money for its illicit weapons programs, including for weapons of mass destruction. Research from blockchain analytics firms shows that of the $3.8 billion of cryptocurrency stolen last year, $1.7 billion – about 44 percent – was stolen by North Korea-backed hackers, four times the country’s previous record for crypto theft from 2021. Over the past five years, North Korea has raised over $3 billion from crypto heists.

A recent report found that since 2018, when North Korean hackers began large-scale crypto attacks, the country’s “missile launch attempts and successes have mushroomed, with more than 42 successes observed in 2022.” And in May 2023, during a hearing of the Senate Armed Services Committee, when asked about the role crypto plays in the development of North Korea’s nuclear arsenal, Lieutenant General Scott Berrier, the Director of the Defense Intelligence Agency, said, “as North Korea steals that money and then tries to turn it into a legal tender, . . . (t)hat is helping them build their nuclear capacity.” Director of National Intelligence Avril Haines added that beyond funding its nuclear program, North Korea’s cyber-and crypto-crime “also pos(es) a cyber-threat to important networks. And that’s part of what it is that we see as a national security threat.”

“That the missile ‘test buildup by Kim Jong Un’s reclusive regime has occurred at the same time as a concerning upswing in crypto heists’ underscores the severity of the threat. Treasury must act quickly and decisively to crack down on illicit crypto activity and protect our national security,” concluded the senators. 

Given these serious concerns, Senators Van Hollen, Warren, and Kaine are asking Treasury to answer a set of questions about its plans to address the serious national security concerns posed by North Korea’s dependence on crypto by August 16, 2023. 

Full text of the letter can be found here and below.

Dear Under Secretary Nelson and Mr. Sullivan:

We write to express concern about the national security threat posed by North Korea’s reliance on digital assets to circumvent international sanctions and embargoes and fund its illegal weapons programs. According to recent comments by White House Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger, “[a]bout half of North Korea’s missile program has been funded by cyberattacks and cryptocurrency theft,” and the country’s misuse of these tactics is increasing. Given the pressing nature of this threat, we ask the Administration to provide details on its plan to stop North Korea and its “digital bank-robbing army” from using digital assets “to evade harsh sanctions and support its ambitions to project geopolitical power through nuclear weapons and ballistic missiles.”

The Treasury Department (Treasury), Department of Justice (DOJ), and other national security experts have long noted North Korea’s dependence on cryptocurrency. A 2019 United Nations report found that in 2016, North Korea exhibited a “clear shift” to attacking cryptocurrency exchanges for the purposes of “generating financial revenue.” These “large-scale attacks against cryptocurrency exchanges allow the Democratic People’s Republic of Korea (DPRK) to generate income in ways that are harder to trace and subject to less government oversight and regulation than the traditional banking sector,” enabling North Korean cyber actors, “many operating under the direction of the Reconnaissance General Bureau, [to] raise money for the country’s weapons of mass destruction [programs], with total proceeds to date estimated at up to $2 billion.” The United Nations report identified both North Korea’s theft of cryptocurrency through attacks on exchanges and users as well as the mining of cryptocurrency “as a source of funds for a professional branch of the military.”

These reports affirm that “hacking and cybercrime are key to the North Korean regime’s survival” and that the regime is increasingly using crypto to steal and launder illicit funds and finance its weapons program. Research from blockchain analytics firms shows that of the $3.8 billion of cryptocurrency stolen last year, $1.7 billion – about 44 percent – was stolen by North Korea-backed hackers, four times the country’s previous record for crypto theft from 2021. Over the past five years, North Korea has raised over $3 billion in crypto heists.

A recent Wall Street Journal report noted that since 2018, when “North Korea’s digital thieves began hitting their big crypto attacks,” the country’s “missile launch attempts and successes have mushroomed, with more than 42 successes observed in 2022.” When asked during a May 2023 hearing of the U.S. Senate Committee on Armed Services about the role that crypto plays in the development of the DPRK’s nuclear arsenal, Lieutenant General Scott Berrier, the Director of the Defense Intelligence Agency, said, “as North Korea steals that money and then tries to turn it into a legal tender, . . . [t]hat is helping them build their nuclear capacity.” Director of National Intelligence Avril Haines added that beyond funding its nuclear program, North Korea’s cyber- and crypto-crime “also pos[es] a cyber-threat to important networks. And that’s part of what it is that we see as a national security threat.”

North Korea has methodically built its expertise in digital assets over the last few years. A 2020 United Nations report found that North Korea hosted an international cryptocurrency conference in 2019 in which “international experts in the Blockchain and Crypto industry gathered in Pyongyang to share their knowledge and vision, established long lasting connections, discussed business opportunities and signed contracts in the field of Information Technology.” One participant was told by the conference organizers that he “should stress the potential money laundering and sanction evasion applications of cryptocurrency and blockchain technology.” Since then, North Korea has succeeded in building “what is essentially a shadow workforce of thousands of IT workers operating out of countries around the world, including Russia and China.” Some of these workers have infiltrated crypto companies by hiring “Western ‘front people’—essentially actors who sit through job interviews to obscure the fact that North Koreans are the ones actually being hired.”

That the missile “test buildup by Kim Jong Un’s reclusive regime has occurred at the same time as a concerning upswing in crypto heists” underscores the severity of threat. Treasury must act quickly and decisively to crack down on illicit crypto activity and protect our national security. We therefore request answers to the following questions regarding Treasury’s plans to address the serious national security threats posed by North Korea’s dependence on cryptocurrency no later than August 16, 2023:

  1. What steps is the Biden Administration taking to address North Korea’s reliance on cryptocurrency to evade sanctions?
  2. Reports indicate that North Korea has stolen $3 billion in cryptocurrency over the last five years. Does that track with the Administration’s estimates?
  3. White House Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger said that over half of North Korea’s missile program has been funded through cryptocurrency and cybercrime, up from a third just a few years ago. What is the dollar amount? Does the Administration expect that number to rise?
  4. What challenges does the Administration face in arresting North Korea’s growing success in stealing and laundering cryptocurrency and using it to fund its weapons programs? How is it addressing those challenges?
  5. What information does the Administration have about which actors are facilitating the exchange of digital assets for other assets, including inputs into its nuclear program? Where are these actors based? What actions has the Administration taken against these actors?

Sincerely,