The Hermit Kingdom, which intelligence agencies say was behind the $1.5 billion Bybit hack, faces “offramping” challenges due to the size of its hauls.
Updated Mar 13, 2025, 2:59 p.m. UTCPublished Mar 7, 2025, 8:02 p.m. UTC
How does North Korea launder its crypto loot?
Each time the Hermit Kingdom successfully hacks a company or protocol — like when it pillaged $1.5 billion from crypto exchange Bybit on Feb. 21 — it faces the significant challenge of offramping its assets.
It cannot simply send the funds to a major exchange like Binance or Coinbase, because such firms implement Know-Your-Customer (KYC) checks and work in conjunction with law enforcement agencies to freeze illegally-obtained funds as soon as they’re deposited on their platforms.
Instead, North Korea uses a well-developed network of over-the-counter (OTC) brokers to launder the stolen funds, according to Ari Redbord, global head of policy at blockchain analytics firm TRM Labs.
“They’ll look to exchanges globally that don’t have compliance controls in place,” Redbord, a former senior advisor to the Deputy Secretary and the Undersecretary for Terrorism and Financial Intelligence at the U.S. Treasury, told CoinDesk in an interview. “Everyone uses Chinese money laundering organizations. The cartels use them to move funds. There’s a network there that North Koreans have used for years.”
“But it’s not just China. Look around the world at places where you have no regulation or a lack of money laundering controls. Russia has been like a money laundering state for a very long time. There’s tons of dark net market activity and ransomware actors that are related to Russia. North Korea has also used casinos in Macau to launder fiat.”
Off-ramping billions
To the best of our knowledge, North Korea has never used crypto to pay for things on the international scene. Instead, it tries to convert the tokens into government-issued currencies like the Chinese renminbi or the U.S. dollar, Redbord said.
But off-ramping billions in value isn’t easy. North Korea has stolen more than $5 billion since 2017, according to TRM. Broken down on
6 Comments
permo-w
do we really think that an entire nation state is unable to set up the apparatus to cheat a few measly KYC checks?
coin to coin exchanges do not require KYC, so hypothetically if they can beat KYC (which surely they can) they wouldn't even need to be depositing the actual coins they stole.
lupusreal
If the Kim family suddenly decided to take the money and run to Dubai (or where-ever crypto scammers retire to), I wonder if anything in North Korea would even change.
dist-epoch
They could sell it at market price (or slightly below) to the US strategic bitcoin reserve. I'm sure no one in the Trump administration would have any moral conundrums about this.
ricardobeat
How long until they get their hands on the US “strategic bitcoin reserve”?
whou
[flagged]
schainks
So, they are banking with HSBC?