North Korea

**Sanctions Evasion:** Bypassing international sanctions to fund the regime's weapons programs and luxury goods for the elite.

**Money Laundering:** Obscuring the origin of illicit funds.

**Cyberattacks and Theft:** Stealing virtual assets from exchanges and financial institutions globally to generate revenue.

**Exchanges, Custody Providers, Payment Processors:** There are no publicly known or established licensing regimes or requirements for these types of entities to operate legally and openly within North Korea for a domestic market. Any virtual asset activity occurring within the DPRK is either:

Directly managed by state-affiliated entities (e.g., intelligence agencies, state-owned banks, research institutions).

Carried out by state-sponsored hacking groups (like the Lazarus Group).

Highly controlled and isolated, serving specific state objectives rather than a private market.

**Registration vs. Licensing Regime:** The distinction between registration and licensing regimes, as understood in conventional financial regulation, does not apply to virtual asset service providers (VASPs) within North Korea. There is no public body for registration or licensing of private crypto businesses.

**Capital Requirements:** Any "capital" involved in North Korea's virtual asset activities is state-provided or stolen. It's not about private companies meeting a capital threshold but the state allocating resources (human and financial) to its cyber operations and sanctions evasion efforts.

**AML/KYC (Anti-Money Laundering/Know Your Customer):** North Korea actively works to *circumvent* AML/KYC procedures globally. Its primary goal is to hide the origin and destination of funds, making it impossible to identify the ultimate beneficial owner. They exploit weaknesses in VASP AML/KYC processes internationally. Within North Korea, there are no requirements for domestic actors to adhere to AML/KYC in the conventional sense, as their operations are designed to bypass such measures.

**Local Presence:** For state-sponsored activities, the "local presence" is the DPRK government itself and its various affiliated entities operating both domestically and through proxies internationally. There is no requirement for a foreign VASP to establish a licensed local presence in North Korea for private operations.

State employees or affiliated personnel.

Members of state-sponsored hacking groups.

Individuals compelled or coerced by the regime.

**United Nations Security Council (UNSC) Panel of Experts Reports on the DPRK:** These annual reports frequently detail North Korea's use of cyber means, including virtual asset theft and exploitation, for sanctions evasion.

Example (look for the most recent reports): UN Security Council - Reports of the Panels of Experts on DPRK

*Note: You will need to browse specific reports for detailed findings on virtual assets.*

**Financial Action Task Force (FATF) Statements and Reports:** The FATF has repeatedly flagged North Korea as a high-risk jurisdiction for money laundering and terrorist financing, highlighting its severe deficiencies in AML/CFT.

Example (Public Statement on High-Risk Jurisdictions subject to a Call for Action): FATF Public Statements

*Note: North Korea is consistently listed here as a jurisdiction with significant strategic deficiencies for which countermeasures are called for.*

**U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) Advisories:** OFAC frequently issues advisories and sanctions related to North Korean cyber activities, including those involving virtual assets.

Example: OFAC - North Korea Sanctions Advisories

Example: Advisory on Potential Sanctions Risks for Facilitating Illicit Ransomware Payments (Often relevant as DPRK groups are involved in such activities).

**Cybersecurity and Blockchain Analytics Firm Reports:** Companies like Chainalysis, Mandiant (formerly FireEye), and CrowdStrike regularly publish reports detailing North Korean hacking groups (e.g., Lazarus Group, Kimsuky, Andariel) and their methods of virtual asset theft and laundering.

Example: Chainalysis - The 2024 Crypto Crime Report (and previous years)

*Note: These reports often feature dedicated sections on North Korean activities.*

**Violation of Foreign Exchange Laws:** Strict controls on foreign currency.

**Anti-State Economic Activity:** Undermining state control over finance.

**Sanctions Evasion:** A constant concern for the regime itself, but also a charge against citizens found using unauthorized foreign assets.

**Prohibited asset:** Violating state control over finance and foreign exchange.

**Evidence of illicit activity:** Leading to severe penalties.

**Utility tokens:** Tokens meant for access to a service.

**Security tokens:** Tokens representing ownership or rights in an asset (if such a concept could even exist privately in NK).

**Payment tokens/Cryptocurrencies:** Bitcoin, Ethereum, stablecoins, etc.

**NFTs:** Any digital asset that could be traded.

**Private issuance of tokens (or any financial instruments) is strictly forbidden.** No individual or non-state entity is permitted to issue financial assets outside of state control.

Any attempt to "issue" a token would likely be viewed as a grave economic crime or an act of subversion against the state's financial monopoly, leading to immediate arrest and severe punishment.

**Illegal:** Violating foreign exchange laws and prohibitions on private financial dealings.

**Covert:** Conducted entirely underground, risking severe punishment if discovered.

**Unregulated:** By definition, as the state seeks to prevent it entirely.

**Arrest and Imprisonment:** Individuals caught possessing or transacting in unauthorized foreign currency (which crypto would fall under) face long prison sentences, often in forced labor camps.

**Asset Seizure:** Any discovered cryptocurrency or assets derived from it would be confiscated by the state.

**"Anti-Socialist" or "Anti-State" Activities:** Engaging in economic activities outside state control can be broadened to include these charges, which carry even harsher penalties, potentially including execution in extreme cases, especially if deemed to be aiding external forces.

**Public Shaming and Re-education:** Less severe cases might involve public denunciation and forced re-education.

North Korean state-affiliated hacking groups (e.g., Lazarus Group) are notorious for stealing vast sums of cryptocurrency from exchanges and DeFi protocols globally. This is done to fund the regime's weapons programs and circumvent international sanctions.

These state actors operate *outside* of international law and any "classification" framework, using cryptocurrency as a tool for illicit finance, not as a regulated asset class.

**Reports from international bodies:** Such as the UN Panel of Experts reports on DPRK sanctions, which detail North Korea's illicit use of cryptocurrency.

*Example:* UN Security Council Resolution 1718 (2006) Sanctions Committee (General sanctions framework, detailed reports often mention crypto activities).

*Example (indirect, reports often cite this):* Various UN Panel of Experts reports to the DPRK Sanctions Committee. These are typically published as UN documents. Search "UN Panel of Experts North Korea cryptocurrency" on the UN Digital Library for specific reports.

**Statements and advisories from foreign governments:** Particularly the U.S. Treasury Department (OFAC) and cybersecurity agencies, warning about North Korean cyber threats and cryptocurrency theft.

*Example:* U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) Advisories (Often contain details on North Korean illicit finance, including crypto).

*Example:* CISA and FBI Advisories on North Korean Malicious Cyber Activity (Contain information on state-sponsored crypto hacking).

**Academic research and analyses from NGOs:** Based on defector testimonies, satellite imagery, and intercepted communications.

**Reference:** FATF High-Risk Jurisdictions (updated regularly): https://www.fatf-gafi.org/countries/#high-risk-jurisdictions

**Reference:** FATF Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers (March 2023 update): https://www.fatf-gafi.org/content/fatf-gafi/en/publications/Fatfrecommendations/Guidance-rba-virtual-assets-vasps-2023.html

**UN Sanctions:** North Korea is subject to extensive sanctions imposed by the United Nations Security Council (UNSC) due to its nuclear and ballistic missile programs. These sanctions severely restrict its access to the international financial system.

**Reference:** UNSC 1718 Sanctions Committee (DPRK): https://www.un.org/securitycouncil/sanctions/1718

**National Sanctions:** Countries like the United States (through OFAC), the European Union, and others implement their own robust sanctions regimes against North Korea, targeting individuals, entities, and financial institutions involved in supporting the DPRK regime's illicit activities.

**Reference:** U.S. Department of the Treasury (OFAC) - North Korea Sanctions: https://home.treasury.gov/policy-issues/office-of-foreign-assets-control-sanctions-programs-and-country-information/north-korea-dprk-sanctions

**Financial Exclusion:** Due to these sanctions and the high-risk designation, North Korea is largely cut off from the legitimate global financial system. Any entities attempting to transact with North Korea, especially concerning virtual assets, face significant risks of violating sanctions and being subject to severe penalties themselves in other jurisdictions.

**State-Controlled and Illicit Activity:** North Korea operates as a highly isolated, centrally controlled state where the government itself is the primary, if not sole, actor in the cryptocurrency space. Its documented activities in digital assets are almost exclusively related to illicit financing, cybercrime (e.g., ransomware, hacking exchanges), and sanction evasion, often conducted by state-sponsored hacking groups like the Lazarus Group.

**No Public Market for Private Services:** There is no known legitimate or public market for private cryptocurrency custodial services, exchanges, or investment funds within North Korea. The concept of "client assets" or "private custodians" as distinct from the state's own operations is fundamentally alien to its economic and political structure.

**Lack of Transparency:** North Korea is one of the most opaque countries in the world. Its laws, especially those concerning financial activities and technology, are rarely, if ever, made public or accessible to the international community. Any internal directives or operational guidelines for state-controlled entities dealing with cryptocurrency would be highly classified.

**Custodial License Requirements:** There are no publicly known licensing requirements for private entities because such private entities operating legitimate crypto custody services likely do not exist or are not permitted. Any crypto activities are either directly run by the state or under its strict, clandestine control.

**Segregation of Client Assets Rules:** This concept presupposes clients and service providers. Since there's no public market for private custody, there are no rules for segregating client assets. The state would not distinguish between its own assets and "client" assets in the way a regulated financial institution would.

**Insurance/Bonding Requirements:** These are market-based protections for customers against loss or insolvency. Given the absence of a public market and private service providers, such requirements do not exist.

**Cold Storage Mandates:** While state-sponsored hacking groups involved in illicit crypto activities undoubtedly use secure storage methods, including cold storage, for their stolen or illicitly acquired funds, these are operational security practices, not publicly mandated regulations for custodians.

**Qualified Custodian Definitions:** There are no publicly defined "qualified custodians" as the framework for private, regulated financial services does not exist in this domain.

**Pending Custody Legislation:** There is no publicly available information or credible indication of any pending legislation concerning cryptocurrency custody in North Korea.

Such laws, if they exist internally for state operations, are highly classified.

There is no public regulatory framework for private digital asset custody services.

**UN Security Council Reports:** These often detail North Korea's illicit financial activities, including the use of cryptocurrency for sanctions evasion and funding WMD programs. These reports describe the *actions* of the DPRK, not its internal regulations.

Example of a UN Panel of Experts report on DPRK sanctions, often mentioning crypto (search for the latest reports annually)

**U.S. Department of the Treasury (OFAC) Advisories:** These documents warn the private sector about North Korea's illicit financial activities, including cyber-enabled theft and money laundering using virtual currencies. They highlight the risks of engaging with North Korean entities.

OFAC Advisory on Potential Sanctions Risks for Facilitating Illicit Houthi and DPRK Shipping (often references crypto)

U.S. Treasury Guidance for the Virtual Currency Industry regarding sanctions compliance (This is US guidance *about* handling crypto, which would include dealing with sanctioned entities like NK).

**Cybersecurity Firm Reports:** Many cybersecurity firms track and report on North Korean state-sponsored hacking groups (like Lazarus Group) and their cryptocurrency exploits. These illustrate the *methods* of crypto use by the DPRK, not its internal regulations.

Chainalysis Reports on North Korea's crypto activities

**Regulator Name:** U.S. Department of the Treasury (Office of Foreign Assets Control - OFAC)

**Entity Targeted:** Cryptocurrency Mixers (e.g., Sinbad.io)

**Violation Type:** Facilitating money laundering for sanctioned entities, including North Korea's Lazarus Group, for proceeds from major cryptocurrency heists.

**Penalty Amount:** Assets frozen, U.S. persons prohibited from transacting with the entity, effective shutdown of the service. (No specific fine amount against the mixer, but the economic impact is a cessation of operations).

**Date:** November 29, 2023 (Sinbad.io)

**Outcome:** Shut down of the Sinbad mixer, seizure of its infrastructure, and disruption of a critical money laundering avenue for North Korean hackers. This followed similar actions against Tornado Cash in August 2022, which was also used by the Lazarus Group.

**Source URL (Tornado Cash - relevant for NK links):** https://home.treasury.gov/news/press-releases/tn1645

**Regulator Name:** U.S. Department of Justice (DOJ), Federal Bureau of Investigation (FBI)

**Entity Targeted:** Individuals and associated cryptocurrency addresses linked to North Korean state-sponsored hacking groups (e.g., Lazarus Group/APT38).

**Violation Type:** Conspiracy to commit money laundering, international money laundering, conspiracy to commit computer fraud, theft of cryptocurrency.

**Penalty Amount:** Indictment of individuals, seizure of tens of millions of dollars in stolen cryptocurrency.

**March 2023:** Seizure of $63 million in cryptocurrency related to the March 2022 Axie Infinity's Ronin Bridge hack (where over $625 million was stolen by Lazarus Group).

**January 2023:** Seizure of over $100 million in cryptocurrency related to multiple hacks, including the Harmony Bridge (June 2022) and the Axie Infinity hack, both attributed to Lazarus Group.

**Date:** January 2023, March 2023 (and ongoing throughout 2022-2024 for various recovery efforts).

**Outcome:** Recovery of a significant portion of stolen funds, disruption of North Korea's ability to cash out illicit gains, and public identification of wallet addresses and laundering techniques used by DPRK actors. The indictments serve as a deterrent and basis for future arrests if individuals leave North Korea.

**Source URL (Axie/Harmony Seizures - March 2023 Update):** https://www.fbi.gov/news/press-releases/fbi-identifies-north-korean-hackers-responsible-for-600m-theft-of-cryptocurrency-from-axie-infinitys-ronin-bridge

**Source URL (Harmony Seizures - January 2023):** https://www.justice.gov/opa/pr/justice-department-announces-largest-cryptocurrency-seizure-ever-affiliated-north-korean

**Entity Targeted:** North Korean IT workers masquerading as non-DPRK nationals to gain employment in remote IT jobs, including those in the cryptocurrency and blockchain sectors.

**Violation Type:** Generating revenue for the DPRK regime, including its WMD programs, by defrauding companies, stealing funds, and gaining access to sensitive networks. This also includes sanctions evasion.

**Penalty Amount:** Identification and blacklisting of specific individuals/companies, public warnings to industry, and increased scrutiny of remote hires. (No direct "penalty amount" levied against the workers themselves in the form of a fine, but the objective is to cut off their revenue streams).

**Date:** May 16, 2022 (initial advisory), updated and reiterated through 2023-2024.

**Outcome:** Increased awareness among companies about the risks of inadvertently hiring North Korean IT workers, leading to stricter vetting processes and disruption of these illicit revenue-generating schemes.

**Source URL (Joint Advisory):** https://www.fbi.gov/news/press-releases/north-korean-it-workers-exploiting-the-global-freelance-market

**Source URL (OFAC on Individuals/Entities):** https://home.treasury.gov/news/press-releases/jy1923 (This example from Nov 2023 includes an individual facilitating funds for Lazarus, though not strictly an IT worker, it highlights the broader enforcement against facilitators)