North Korea -- Enforcement Actions Regulatory Overview

It's important to clarify the unique nature of "cryptocurrency enforcement actions" involving North Korea. North Korea does not have a transparent internal regulatory system that publicly announces enforcement actions against its own entities for cryptocurrency violations.

Instead, the "most significant cryptocurrency enforcement actions" related to North Korea are almost exclusively external actions taken by international regulators and law enforcement agencies (primarily the United States, but also the UN and other nations) against North Korean state-sponsored hacking groups, individuals, and related facilitators who use cryptocurrency to evade sanctions and fund the DPRK's weapons programs. North Korea is consistently identified as a perpetrator, not a regulator, in the context of illicit crypto activities.

Therefore, the actions below reflect international efforts to counter North Korea's use of cryptocurrency for illicit purposes over the last three years (roughly late 2021 to present).

Significant External Enforcement Actions Targeting North Korea's Cryptocurrency Activities (Last 3 Years)

1. Sanctions Against Cryptocurrency Mixers Facilitating DPRK Money Laundering

• Regulator Name: U.S. Department of the Treasury (Office of Foreign Assets Control - OFAC)

• Entity Targeted: Cryptocurrency Mixers (e.g., Sinbad.io)

• Violation Type: Facilitating money laundering for sanctioned entities, including North Korea's Lazarus Group, for proceeds from major cryptocurrency heists.

• Penalty Amount: Assets frozen, U.S. persons prohibited from transacting with the entity, effective shutdown of the service. (No specific fine amount against the mixer, but the economic impact is a cessation of operations).

• Date: November 29, 2023 (Sinbad.io)

• Outcome: Shut down of the Sinbad mixer, seizure of its infrastructure, and disruption of a critical money laundering avenue for North Korean hackers. This followed similar actions against Tornado Cash in August 2022, which was also used by the Lazarus Group.

  • Source URL (Sinbad): https://home.treasury.gov/news/press-releases/jy1950
  • Source URL (Tornado Cash - relevant for NK links): https://home.treasury.gov/news/press-releases/tn1645

2. Indictment and Asset Seizures Related to Major Cryptocurrency Hacks by North Korean Actors

• Regulator Name: U.S. Department of Justice (DOJ), Federal Bureau of Investigation (FBI)

• Entity Targeted: Individuals and associated cryptocurrency addresses linked to North Korean state-sponsored hacking groups (e.g., Lazarus Group/APT38).

• Violation Type: Conspiracy to commit money laundering, international money laundering, conspiracy to commit computer fraud, theft of cryptocurrency.

• Penalty Amount: Indictment of individuals, seizure of tens of millions of dollars in stolen cryptocurrency.

  • Examples:
    • March 2023: Seizure of $63 million in cryptocurrency related to the March 2022 Axie Infinity's Ronin Bridge hack (where over $625 million was stolen by Lazarus Group).
    • January 2023: Seizure of over $100 million in cryptocurrency related to multiple hacks, including the Harmony Bridge (June 2022) and the Axie Infinity hack, both attributed to Lazarus Group.

• Date: January 2023, March 2023 (and ongoing throughout 2022-2024 for various recovery efforts).

• Outcome: Recovery of a significant portion of stolen funds, disruption of North Korea's ability to cash out illicit gains, and public identification of wallet addresses and laundering techniques used by DPRK actors. The indictments serve as a deterrent and basis for future arrests if individuals leave North Korea.

  • Source URL (Axie/Harmony Seizures - March 2023 Update): https://www.fbi.gov/news/press-releases/fbi-identifies-north-korean-hackers-responsible-for-600m-theft-of-cryptocurrency-from-axie-infinitys-ronin-bridge
  • Source URL (Harmony Seizures - January 2023): https://www.justice.gov/opa/pr/justice-department-announces-largest-cryptocurrency-seizure-ever-affiliated-north-korean

3. Sanctions and Advisories Against North Korean IT Workers Exploiting Crypto Sector

• Regulator Name: U.S. Department of the Treasury (OFAC), FBI, U.S. Department of State, Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA)

• Entity Targeted: North Korean IT workers masquerading as non-DPRK nationals to gain employment in remote IT jobs, including those in the cryptocurrency and blockchain sectors.

• Violation Type: Generating revenue for the DPRK regime, including its WMD programs, by defrauding companies, stealing funds, and gaining access to sensitive networks. This also includes sanctions evasion.

• Penalty Amount: Identification and blacklisting of specific individuals/companies, public warnings to industry, and increased scrutiny of remote hires. (No direct "penalty amount" levied against the workers themselves in the form of a fine, but the objective is to cut off their revenue streams).

• Date: May 16, 2022 (initial advisory), updated and reiterated through 2023-2024.

• Outcome: Increased awareness among companies about the risks of inadvertently hiring North Korean IT workers, leading to stricter vetting processes and disruption of these illicit revenue-generating schemes.

  • Source URL (Joint Advisory): https://www.fbi.gov/news/press-releases/north-korean-it-workers-exploiting-the-global-freelance-market
  • Source URL (OFAC on Individuals/Entities): https://home.treasury.gov/news/press-releases/jy1923 (This example from Nov 2023 includes an individual facilitating funds for Lazarus, though not strictly an IT worker, it highlights the broader enforcement against facilitators)

Summary Note: The consistent theme in these actions is the international community's coordinated effort to disrupt North Korea's use of cryptocurrency as a primary means of funding its illicit weapons programs and evading sanctions. Given the opaque nature of the North Korean regime, there are no known public internal enforcement actions against crypto entities within the DPRK itself.