How does North Korea launder its crypto loot?
Every time the Hermit Kingdom hacks a company or protocol, as when it looted $1.5 billion from crypto exchange Bybit on February 21, it faces the significant challenge of off-ramping its assets.
It cannot simply send the funds to a major exchange such as Binance or Coinbase, because such companies implement know-your-customer (KYC) controls and work with law enforcement agencies to freeze illegally obtained funds as soon as they are deposited on their platforms.
Instead, North Korea uses a well-developed network of over-the-counter (OTC) brokers to launder stolen funds, according to Ari Redbord, head of global policy at blockchain analytics firm TRM Labs.
“They will look for exchanges around the world that don’t have compliance controls in place,” Redbord, a former senior advisor to the Deputy Secretary and the Undersecretary for Terrorism and Financial Intelligence at the U.S. Treasury, told CoinDesk in an interview. “Everyone uses Chinese money laundering organizations. The cartels use them to move funds. There is a network that the North Koreans have used for years.”
“But it’s not just China. Look around the world at places that have no regulation or lack anti-money laundering controls. Russia has been a money laundering state for a long time. There are tons of darknet market activity and ransomware actors that are tied to Russia. North Korea has also used casinos in Macau to launder fiat.”
Off-ramping billions
As far as we know, North Korea has never used crypto to pay for things on the international stage. Instead, it tries to convert tokens into government-issued currencies such as the Chinese renminbi or the U.S. dollar, Redbord said.
But off-ramping billions is not easy. North Korea has stolen more than $5 billion since 2017, according to TRM. Broken down by month, that means North Korea has needed to off-ramp at least $51 million per month on average, which is more than its money laundering network can handle.
“Inevitably, you see these funds sitting in wallets for long periods of time. I don’t think they are building a strategic reserve of some kind; they are simply not able to off-ramp the funds,” Redbord said. “In every case, North Korea wants those funds off-chain as fast as they can.”
“It’s a lot of money. Think of Pablo Escobar: he had this big problem with storing cash. He didn’t know where to put it all,” Redbord added. “That is what North Korea has with crypto right now.”
In the case of the Bybit hack, the vast majority of the stolen ETH has already been swapped to bitcoin through THORSwap, a protocol that allows permissionless swaps between the Ethereum and Bitcoin networks.
The bitcoin is now being fed through mixers (protocols that allow users to obfuscate their transactions on the blockchain) such as Wasabi and CryptoMixer. These platforms generally process no more than $10 million per day, which means North Korea faces possible bottlenecks even before it tries to off-ramp its stolen funds through OTC brokers. “Whether these mixers can continue to absorb the amount of money at stake is an open question,” TRM said in a recent report.
What happens next?
Once the funds are off-ramped through OTC brokers, the trail goes cold for blockchain analytics firms such as TRM, but not necessarily for government agencies such as the Federal Bureau of Investigation (FBI), Homeland Security Investigations (HSI) or IRS Criminal Investigation (IRS-CI), which have a wide panoply of intelligence collection tools at their disposal.
These agencies can use human intelligence (interviews, interrogations and espionage) and signals intelligence (intercepting communications or collecting information from electronic devices) to further their investigations.
These agencies can sometimes recover stolen funds. In the case of the Colonial Pipeline ransomware attack in 2021, the Department of Justice (DOJ) was ultimately able to recover almost 85% of the bitcoin (BTC) ransom paid to the Russian DarkSide cybercriminal group. It is not clear how investigators obtained the hacking group’s private keys.
The network of Chinese shell companies that North Korea uses to launder funds, whether from crypto or other sources, is constantly monitored by U.S. agencies in collaboration with Japanese and South Korean authorities, Redbord said. And getting laundered funds through the Chinese banking system does not necessarily mean the game is won for North Korea.
In 2019, U.S. federal prosecutors subpoenaed three Chinese banks in a North Korea money laundering case. That would normally be impossible because the U.S. government has no jurisdiction over the Chinese banking system, explained Redbord, who worked on the case.
But a provision of the USA PATRIOT Act allows the practice in specific circumstances. If the foreign bank does not respond, the U.S. government can cut off the bank’s correspondent bank, essentially disconnecting the foreign bank from the U.S. banking system.
In that particular case, the Chinese banks ultimately complied with the subpoenas, Redbord said. But the strategy is hard to replicate because it requires serious political capital. “We are talking about some of the world’s largest banks. If you were actually to cut off the correspondent bank of one of the major Chinese banks, it would not be good for the economy,” Redbord said. That is why the Secretary of the Treasury and the Attorney General must sign off on this type of strategy.
“If any administration were willing to lean in a little, this would probably be it,” Redbord said. “Issuing a subpoena to a small or medium-sized Chinese bank is probably something worth doing. It would send a really strong message.”