North Korea's Crypto Heist Hits $1.5 Billion Mark, Stocks Plunge Amid Money Laundering Challenges

North Korea has been actively involved in stealing cryptocurrencies, with a significant portion of its illicit activities focused on hacking companies and protocols to acquire digital assets. One notable incident occurred on February 21, when North Korea successfully pillaged $1.5 billion from a crypto exchange. However, converting these stolen assets into usable funds presents a substantial challenge for the regime.

North Korea cannot directly transfer the stolen funds to major exchanges like Binance or CoinbaseCOIN-- due to stringent Know-Your-Customer (KYC) checks and collaboration with law enforcement agencies. Instead, the regime relies on a network of over-the-counter (OTC) brokers to launder the stolen cryptocurrencies. This network is well-developed and includes various global exchanges that lack compliance controls, making them ideal for illicit activities.

According to experts, North Korea has been using Chinese money laundering organizations for years, but it is not limited to China. Other regions with lax regulations or weak money laundering controls, such as Russia, also play a role in North Korea's illicit financial activities. Additionally, North Korea has used casinos in Macau to launder fiat currencies.

North Korea's primary goal is to convert the stolen cryptocurrencies into government-issued currencies like the Chinese renminbi or the U.S. dollar. However, off-ramping billions in value is not an easy task. Since 2017, North Korea has stolen more than $5 billion in cryptocurrencies, which translates to an average of $51 million per month. This volume of funds is too much for the regime's money laundering network to handle efficiently, leading to significant delays in converting the assets.

In the case of the Bybit hack, the majority of the stolen Ethereum (ETH) has already been bridged to Bitcoin via THORswap, a protocol that enables permissionless swaps between the Ethereum and Bitcoin networks. The funds are then fed through mixers like Wasabi and CryptoMixer, which obfuscate transactions on the blockchain. However, these mixers typically process no more than $10 million a day, creating potential bottlenecks for North Korea's efforts to launder the stolen funds.

Once the funds are off-ramped through OTC brokers, the trail goes coldCOLD-- for blockchain analysis firms, but not necessarily for governmental agencies. These agencies have a broad range of intelligence-gathering tools at