The US Treasury has disclosed that North Korean cybercriminals are taking advantage of gaps in the decentralized finance (DeFi) sector to launder money and conceal illicit activities.
In a report released on Thursday, the government body highlighted that various rogue groups, including North Korean hackers, are leveraging some DeFi platforms' lack of stringent compliance with Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) standards.
The document further emphasized that the inadequate or absent AML/CFT measures in certain international DeFi services, coupled with their subpar cybersecurity defenses, have facilitated the misappropriation of assets.
The report stated, “Our analysis indicates that malevolent entities, encompassing ransomware attackers, fraudsters, and cyber operatives from the Democratic People’s Republic of Korea (DPRK), are employing DeFi platforms as conduits to transfer and launder ill-gotten gains.”
In its comprehensive 40-page document, the report highlighted that “Currently, many DeFi services don’t employ AML/CFT safeguards or mechanisms to ascertain customer identities. This permits the camouflaging of illicit funds almost instantly and under a cloak of pseudonymity.”
Interestingly, the study observed that certain DeFi initiatives deliberately omit AML/CFT measures, viewing the omission as consistent with their overarching objective of decentralization.
Yet, the Treasury clarified that “the bulk of money laundering, funding for terrorism, and proliferation finance, in terms of transaction volume and value,” primarily transpires through traditional fiat currency or outside the realm of digital assets.
Given these insights, officials are pushing for enhanced regulatory scrutiny on AML/CFT practices within the DeFi domain and emphasizing the need to fill existing regulatory voids.
The recent report aligns with President Biden’s executive directive concerning digital assets, which was ratified in March the previous year. This directive was primarily focused on fostering the judicious growth of digital assets.
Brian Nelson from the Treasury underscored the difficulties associated with pinpointing individuals associated with operations in the DeFi space. Yet, he emphasized that both centralized and decentralized platforms fall under the purview of the Bank Secrecy Act.
Nelson further posited that certain operations within the DeFi sector might bear a closer resemblance to conventional finance than their purported claims suggest. He remarked, “To some extent, they seem decentralized merely in designation.”
North Korean Hackers Continue to Find New Ways
North Korean cyber-attack units, responsible for a significant chunk of unlawful cyber operations, persistently devise and employ innovative methods to pilfer cryptocurrency assets and subsequently sanitize these gains.
A recent analysis by Mandiant, a cybersecurity enterprise under the Google umbrella, spotlighted a particular hacking faction based in Pyongyang. Known as APT43 or by its alternate alias, Kimsuky, this group reportedly utilizes its ill-gotten wealth to procure cloud mining services. This strategy effectively generates ‘clean’ cryptocurrency that lacks any traceable blockchain links, thereby eluding the watchful eyes of law enforcement agencies.
The report stated, “In line with North Korea’s juche ideology of self-sufficiency, APT43 illicitly procures and cleanses sufficient cryptocurrency to fund its operations.”
Earlier in the year, the White House disclosed that North Korean cyber operatives had misappropriated over $1 billion in cryptocurrency over the previous two years. It was further suggested that these stolen funds were channeled to buttress Pyongyang’s missile initiatives.
Additionally, the U.S. administration pointed fingers at the North Korean hacker outfit, Lazarus, implicating them in the breach of Axie Infinity’s Ronin blockchain. This breach resulted in the theft of approximately $625 million, predominantly in Ethereum and USDC.
Despite these allegations, North Korea has consistently rejected claims of its involvement in cryptocurrency heists. The nation has also dismissed accusations related to the Lazarus group, which was earlier implicated in significant cyber incidents like the 2014 Sony Pictures infiltration and the 2017 WannaCry ransomware onslaught.