Virgil Griffith had a reputation as a “cult hacker,” a “tech-world enfant terrible.” A 2008 profile in The New York Times Magazine, published when he was 25, called him the “Internet Man of Mystery,” and cast him as “a troublemaker … A twerp. And a magnet for tech-world groupies,” drinking White Russians and “revel[ing] in the attention of his female fans.” Griffith had become notorious the year before, when he launched WikiScanner, a website that used IP address databases to expose the anonymous editors of Wikipedia entries. The site’s release brought on a wave of news coverage, as IPs associated with government agencies, political parties, major multinational corporations and religious institutions, from Pepsi to the CIA to the Church of Scientology, were all implicated. The attention transformed him into a minor celebrity. By 2014, Griffith was still marketing himself as a troublemaker. In a promotional video for the reality show “King of the Nerds,” in which he was a contestant, he describes himself as a “journeyman of the internet dark arts.” “I consider myself a rebel,” he adds, speaking into the camera. “Or at the very least, I play to my own drum.”
Griffith had been living in Singapore and working for a cryptocurrency organization, the Ethereum Foundation, for two years when the U.S. State Department denied him permission to visit North Korea for the Pyongyang Blockchain and Cryptocurrency Conference in April last year. But his rebel attitude meant he went anyway. He was arrested months later when he flew back to the U.S. on Thanksgiving. It was then that the Justice Department revealed that Griffith was facing up to 20 years in prison for violating U.S. sanctions on North Korea, because, according to the FBI, the Alabama-born hacker had “participated in discussions regarding using cryptocurrency technologies to evade sanctions and launder money.”
How Crypto Can Circumvent Sanctions
Since its first nuclear test in 2006, North Korea has been wrestling with U.N. sanctions on everything from its imports of oil and luxury goods to its exports of coal and minerals, as well as certain kinds of financial activity. A host of other countries and multilateral bodies have implemented further measures against North Korea. Unilateral U.S. sanctions are particularly restrictive, targeting a longer list of individuals, businesses and economic activities, including banks, companies and individuals based outside North Korea that are suspected of supporting the state’s weapons program.
But instead of complying with the sanctions, North Korea has reportedly continued to fund those weapons through illicit activities, including the state-sponsored trafficking of arms, drugs and even its own citizens. Last year’s Pyongyang cryptocurrency conference, which was aimed at “building bridges of friendship and collaborations” with tech experts, looked like the regime’s latest attempt to add cryptocurrencies to those sanctions-evading activities. Since 2017, a handful of other states, including Iran, Cuba and Venezuela, have joined North Korea in experimenting with cryptocurrencies as a way to evade international and U.S. sanctions and achieve financial independence.
For decades, nations targeted by U.S. sanctions have searched for ways to move their money outside the U.S.-dominated financial system. To monitor all kinds of international payments, the U.S. relies on the SWIFT messaging service that banks use to communicate payment instructions to each other, and on the correspondent banking system, which routes almost all payments through New York. It is this system, and the oversight it enables, that makes the U.S. ability to implement sanctions particularly effective.
Cryptocurrencies offer an entirely new financial infrastructure, cutting out the need for banks and enabling peer-to-peer transfers that bypass borders as well as regulators’ jurisdictions. Cryptocurrency “mining” involves a highly complex process of verifying other users’ transactions, which requires specialized hardware with significant processing power. Once mined, cryptocurrencies can be exchanged for other assets—whether hard or soft currency, or other cryptocurrencies—or traded by users directly, a process that is now simplified and facilitated by companies like Coinbase that host currencies in app-based “wallets.” Instead of recording transactions in a bank’s ledger, they are catalogued in “blocks” on a blockchain⎯a transparent, distributed ledger technology that stores data on thousands of servers at once, and enables any user to see everyone else’s records in near real-time.
According to Reuters, Griffith may have also been trying to arrange the delivery of crypto mining equipment to help the North Korean regime generate Ether, a cryptocurrency created by his company Ethereum. But North Korea has so far gained more attention for stealing cryptocurrency than creating it. For years, state-backed groups have been helping the regime raise funds by hacking into cryptocurrency exchanges, businesses that enable cryptocurrency to be traded for other assets. Between January 2017 and September 2018, North Korean hackers are thought to have stolen $571 million in cryptocurrency from five exchanges in Asia. Authorities gained insight into how this money was laundered when two Chinese nationals, Tian Yinyin and Li Jiadong, were indicted by the U.S. Treasury Department in March. The U.S. said that Tian and Li stole the equivalent of $100.5 million in cryptocurrency from unnamed exchanges, $34 million of which they converted into Chinese yuan, and a further $1.4 million of which they used to buy iTunes gift cards.
“Without many other ways to legally bring money into the country, North Korea has resorted to straight up stealing it,” says Fred Plan, senior threat analyst at the cybersecurity company FireEye. “North Korea has extremely well-developed cyber capabilities, so for many of the country’s problems, the application of cyber operations has been the go-to solution,” he adds. “Given one of North Korea’s most pressing problems currently is the need for money, it’s no surprise they would exercise their cyber capabilities [to offset] their array of financial problems.” That is especially true since cryptocurrencies deprive the U.S.-centered financial infrastructure of the ability, he says, to “understand, manipulate or track” transactions.
The Perils of ‘Sovereign’ Crypto
Independent cryptocurrencies, like Bitcoin and Ether, were created with the aim of freeing money from government influence and oversight. But in recent years, states around the world have been researching to see how they can take advantage of the efficiency of blockchain technology without losing control of currency. Though no other country is known to carry out brazen crypto heists like North Korea, other states are coming to view blockchain technology as part of a longer-term strategy aimed at undermining U.S. financial power, either by investing in the technology or by developing their own state-backed, “sovereign” cryptocurrencies, also known as central bank digital currencies.
These differ from currencies like Ether or Bitcoin because they are centralized, meaning that payments can be frozen, canceled or otherwise regulated by a central authority, like a country’s central bank. Many central bank digital currencies use blockchain technology, or technology inspired by it. Sweden’s digital currency, the e-krona, for example, uses a blockchain-inspired technology, and China’s digital yuan is also expected to use blockchain to take advantage of its ability to simplify and secure transactions. The emergence of central bank digital currencies has been read as a threat to cryptocurrency’s original aim, since they further empower the very financial systems and governments that crypto was designed to circumvent. As the manager of one cryptocurrency services provider based in Switzerland wrote in VentureBeat in 2018, “In case anyone has forgotten: The end goal of cryptocurrencies was to decentralize power, not to bolster existing centers of authority.”
Russia has also been working on establishing a “crypto rouble.” At a meeting in Tokyo in 2017 where representatives of 25 countries met to try and set international standards for blockchain, the head of Russia’s delegation, who also worked for the FSB, its intelligence agency, reportedly said, “The internet belongs to the Americans—but blockchain will belong to us.” U.S. adversaries are not the only ones experimenting with this technology. The Belfer Center’s Digital Currency Tracker lists seven countries have launched their own pilot digital currencies—China, South Korea, Thailand, Ukraine, Sweden, Uruguay and the Bahamas⎯with at least a dozen more conducting research and development, including the United States.
Some countries are attracted to centralized digital currencies due to their promised ability to eradicate inefficiencies in the financial system, while others are interested in eliminating financial exclusion. Senegal and Tunisia, for example, have experimented with using cryptocurrencies to reach citizens who don’t have bank accounts. But the ramifications for U.S. financial dominance could be the same unless the global financial system, centered on the U.S., can evolve alongside these new digital currencies.
Rather than adapt, though, the U.S. is responding to this new financial landscape by attempting to regulate or ban some digital currencies outright. In 2018, for example, President Donald Trump used an executive order to ban U.S. companies and citizens from using Venezuela’s Petro. But beyond new regulation, policymakers in the U.S. have few options to crack down on these new currencies. “It’s not like nuclear materials, where there’s a lot of hardware and expensive stuff. We’re really talking about software,” Fanusie says. “A lot of it is open source. It’s free software that’s really easy for the developers to create, so they can’t necessarily stop a country from creating these new systems.”
The Future of Finance
For countries under sanctions, cryptocurrencies—whether the likes of Bitcoin, or state-backed digital currencies like Venezuela’s Petro—are a long-term strategy, not a short-term fix. Attempts so far to evade sanctions using this technology, including North Korea’s cybercrimes, have shown that countries are not yet capable of moving enough money around at scale to insulate their economies from sanctions. But it’s early days. We’re still in the very early stages of understanding how different digital currency projects would be structured,” says the Belfer Center’s Kumar. “A world where there are many competing digital currencies,” she adds, “could become a very complicated system with many competing offerings for people to use for payments.
The possibility of sanctions evasion is just one part of a larger challenge as economies around the world adapt to the rise of digital currencies. “These new financial pipelines are going to require innovative approaches to governance and compliance in order to maintain global financial integrity,” Fanusie and his colleague, Trevor Logan, wrote in a report last year for the Foundation for Defense of Democracies. They said that authorities “must do more than passively monitor adversaries’ attempts to build new systems,” and that “U.S. policymakers and financial sector stakeholders will need to take the lead in this evolving international ‘crypto race.’” They urged the U.S. to thoroughly investigate the emerging threats posed by digital currencies, hire blockchain experts to guide U.S. financial authorities, and “encourage computer science talent to build blockchain solutions” by funding private pilot programs.