Friends and foes of the United States share at least one thing in common — they all use U.S. dollars. Even North Korea tries to access the international financial system and procure U.S. dollars to fund and facilitate the procurement of goods and services for its weapons of mass destruction programs. As technologies evolve to create new avenues for accessing the international financial system, the range of methods and tactics at the disposal of rogue actors has expanded. The growing use of cryptocurrencies is a key development in this trend.
U.S. policymakers over the past two decades have increasingly used financial sanctions as a key tool to disrupt terror networks, punish human rights violators, and limit the spread of weapons of mass destruction. The European Union and the United Nations deploy their own sanctions regimes to similar ends. Despite differences in scope and breadth, all three sanctions regimes push on the same pressure point — cutting illicit actors off from the formal financial system to prevent them from moving money and buying goods. The effectiveness of these sanctions depends on government implementation and private sector compliance. Lax enforcement at either level leaves openings for sanctioned entities to exploit. Closing the gaps in a sanctions regime is a responsibility shared by all who participate in international commerce. Broad adherence helps track and disrupt illicit money flows.
However, adversaries continue to find new ways to evade sanctions and move money to finance threats to U.S. and international security. Low-technology workarounds like hawala — a trust-based method of informal money transfer that has been used for centuries — continue to frustrate counter-terror finance efforts. Cryptocurrencies have emerged as a new method of money transfer and appear to be the opposite of hawala: novel, high-tech, and quasi-anonymous. Nevertheless, they undermine sanctions regimes in much the same way. They allow actors to avoid the formal financial system and escape many of the controls that could detect and disrupt illicit activity. Money can cross jurisdictions undetected and then be used without revealing the true identity of the owner. Cryptocurrencies pose a dual threat because they give sanctioned entities ways to hide their participation in the formal financial system or avoid it altogether. Practicable policy responses can close the enforcement gap that technology has created, including lowering barriers to effective information sharing, implementing financial controls around privacy coins, and normalizing legal cryptocurrency use while continuing to disrupt illicit financing and sanctions evasion, wherever they are found.
Using Cryptocurrency to Evade Sanctions
Sanctioned actors are actively evaluating how cryptocurrency can help them evade sanctions. The Venezuelan government reportedly devised a scheme at Caracas international airport to access foreign currencies in contravention of U.S. sanctions. Cargo taxes on domestic and international flights were collected by a third-party digital wallet app that would process payments, convert them into bitcoin and then transfer the coins to international exchange offices in Hong Kong, Russia, China, and Hungary, where they were converted into dollars and moved to Venezuelan government accounts. According to the investigation, the Maduro regime sought to expand this methodology to other airports in the country, and even extend it to refueling services. Airlines are limited in their ability to pay for gasoline when flying to Venezuela, as the national oil and gas provider, Petróleos de Venezuela, S.A., is sanctioned by the U.S. government.
North Korea also looks to cryptocurrency to evade sanctions. In August 2019, the United Nations noted that North Korea had stolen an estimated $2 billion in cryptocurrency and was targeting cryptocurrency exchanges for cyber theft, as it could “more readily” use these proceeds abroad. In March 2020, the U.S. Department of Justice indicted two Chinese nationals for providing “support to North Korea’s cyber heist program,” and revealed how North Korea launders cryptocurrency in order to convert it to U.S. dollars and access the international financial system in contravention of U.N. and U.S. sanctions. The indictment highlights part of North Korea’s multipronged strategy to acquire and use cryptocurrency as either a medium of trade or as a money laundering tool to facilitate conversion into the U.S. dollar. Notably, the conspirators laundered funds from four cryptocurrency exchange hacks by using new bitcoin addresses in back-to-back transactions and stripped small amounts currency off to four different cryptocurrency exchanges — a method known as a “peel chain” — to obfuscate the origin of the funds before consolidating the funds from the four exchanges at two final exchanges.
Using Cryptocurrency to Enforce Sanctions
Cryptocurrency’s reliance on blockchain technology offers the U.S. government an opportunity to better understand and track financial activity that may indicate sanctions evasion. By closely monitoring cryptocurrencies, law enforcement agencies can enhance overall sanctions implementation and increase information sharing with financial institutions regarding cryptocurrency risks and guidance. Illicit actors are attracted to cryptocurrency for its pseudonymous and decentralized nature, but this does not mean their activity is private. Although some smaller “privacy coins” present secrecy challenges, major cryptocurrencies operate on a blockchain, a system of accounting and trust that allows a level of visibility into the parties to the transaction. Cryptocurrency is typically managed using a “wallet,” and U.S. authorities commonly publish the wallet identifiers of actors engaged in illicit activities, including sanctions evasion, in Department of the Treasury sanctions and Department of Justice indictments. This information exchange allows financial institutions, cryptocurrency exchanges, and consulting firms to monitor and track suspicious transactions — “piercing the veil of anonymity,” in the words of the Department of Justice.
Cryptocurrency transactions are carried out by adding a record of the transaction to the blockchain database. Transactions are verified with a digital signature using a pair of cryptographic keys that are stored in crypto wallets. These keys are used to sign off on transactions and give the location of a given block in the chain. This information allows the wallet owner to control the cryptocurrency associated with it. Moreover, cryptocurrency transactions are “pseudonymous,” rather than completely anonymous. While one does not have to expose their name, physical address, or other real-world identifying information to make a transaction, other details of the transaction are stored publicly and permanently on the blockchain, and can be viewed and analyzed by anyone. If necessary, law enforcement can use records stored in the blockchain to analyze the history of transactions linked to the address.
As evidenced by the Department of Justice indictment of the North Korea money laundering ring, sanctioned states often need to access the international financial system to convert their virtual assets into fiat currency. This requires these cryptocurrency funds to enter traditional financial institutions that are highly regulated. Increased information flow between the financial sector and the federal government may help increase visibility into possible sanctions evasion activities using cryptocurrency and properly scope out the size of the threat. Below are three recommendations for building on U.S. government and international momentum regarding the use of cryptocurrencies and effectively safeguarding the international sanctions regime and financial system from illicit activity.
Accelerating Cooperation and Information Flow
The United States should continue to work through intergovernmental forums like the Financial Action Task Force to advance an international regime of effective controls to ensure sanctioned actors are not able to easily transfer and use cryptocurrencies without oversight. Through the Financial Action Task Force, countries have outlined the rules of cryptocurrency, requiring a shift into implementation of national policies, guidance for the private sector, enhanced information flow to the public and between governments, and effective legal and regulatory enforcement. Here are a few recommendations that can accelerate this:
U.S. law enforcement agencies should increase its public information flow, to the extent practical, and publish more wallets and identifiers of known illicit networks. This allows threat intelligence firms and research organizations to publicly map networks and boosts financial institutions confidence to transact in cryptocurrencies by being able to screen for wallets used for sanctions evasion.
Countries should share threat-focused, actionable, financial information regarding cryptocurrencies through existing vehicles like the Egmont Group. Cryptocurrencies easily flow between jurisdictions and countries should ensure they are sharing actionable information about threats, suspicious activities, and potential illicit transactions to effectively counter bad actors synchronously.
The U.S. government should increase technical assistance and capacity building efforts to partner governments, with a focus on increasing information sharing and strengthening regulatory oversight and enforcement of cryptocurrency exchanges.
Governments, consulting firms, research and financial institutions should strengthen insight into “non-hosted transactions” as regulation is implemented. These transactions do not use a cryptocurrency exchange and involves private transfers from one person to another, outside a marketplace.
Make Privacy Coins Harder for Threat Actors to Use
Washington should ensure that “privacy coins” are held to a regulatory standard and require “know your customer” information from all cryptocurrencies and cryptocurrency exchanges. Criminals need a blend of anonymity, access, reliability, and security to effectively move money internationally. Governments, financial institutions, and cryptocurrency exchanges can work together to mitigate these elements for threat actors through responsible financial controls. Certain cryptocurrencies commonly known as privacy coins, such as Zcash, Monero, and Dash, can obfuscate transaction history.
However, international best practices, and regulations in several countries, including the United States, the European Union, Japan, Singapore, and South Korea, now require basic “know your customer” information on cryptocurrency transactions, which privacy coins cannot aptly provide. Therefore, governments should ensure privacy coins are subject to effective oversight by providing specific “know your customer” implementation guidance to exchanges. This will in turn erode the reliability of any noncompliant privacy coins, as threat actors would need access to privacy coins on both ends of the operation and would therefore have narrower pathways to transact. Finally, legal seizures of threat actors’ funds, such as the August 2020 Department of Justice seizure of millions of dollars’ worth of Islamic State cryptocurrency, will undermine the security of the funds in illegal transactions.
Condemn the Activity, Not the Medium
The U.S. government ought to view cryptocurrencies as the medium that they are and remain tightly vigilant on illicit financial activity, whether it is conducted through traditional fiat currencies or cryptocurrencies. This will require a thoughtful approach of training, coordination, and information sharing throughout the U.S. national security apparatus on cryptocurrencies and potential avenues for threat actors to abuse them. Over the past two decades, terrorist groups and proliferation networks have exploited the international financial system’s interconnectivity and complexity to build multifaceted networks for funding their activities. Consequently, the international legal, analytical, and law enforcement community built a parallel architecture of financial controls to combat this activity.
Cryptocurrency is an agnostic financial tool, and the international community is building the infrastructure to be able to monitor and regulate it properly. Therefore, national security experts should remain laser-focused on activity and actor, and not overemphasize the medium of cryptocurrency or stovepipe the response to it. Sanctions should be targeted and seek to deter threat activity directly. National security practitioners should seek to achieve a level of cryptocurrency literacy and knowledge that keeps up with the growing popularity and usage of cryptocurrencies. Most importantly, responses to cryptocurrency should be effectively integrated into national security strategies to ensure cryptocurrency is treated as one tool among many that can be exploited by threat actors. Disrupting cryptocurrency use in and of itself is not effective if underlying national security threat actors are still able to use financial tools to achieve their ends.
Cryptocurrencies threaten to change the way international financial regulations, practices, and norms have been traditionally built, which could potentially lead to abuse by sanctioned threat actors. However, the U.S. government and its international partners can view this as an opportunity to strengthen sanctions implementation and law enforcement. A thoughtful, collaborative approach to this emerging technology and changing financial system is critical to enhance successful illicit financing controls and ensure cryptocurrencies cannot be used to evade sanctions and avoid those controls.
Cryptocurrencies are not inherently a threat to U.S. national security or the efficacy of sanctions. Nevertheless, the United States should work with other countries to implement responsible financial controls, data transparency policies, and effective enforcement should to ensure that it is not exploited for sanctions evasion and threat financing.
As long as the U.S. dollar remains the global reserve currency, Washington will play an outsized role in protecting the integrity of the international financial system while it protects its national interests. A balanced approach will allow everyday people to enjoy the benefits of cryptocurrency technology while stopping potential abuse by terrorists and proliferation networks.
This piece was researched and written by a team at the Pacific Northwest National Laboratory that focuses on issues at the crossroads of illicit finance, counter-proliferation, and emerging technologies. The views expressed in this article do not necessarily reflect those of the Pacific Northwest National Laboratory or the U.S. government.
Adam Myers is a counterproliferation analyst that conducts research and international capacity building engagements on counterproliferation financing, sanctions, and cybersecurity.
William Szymanski is a nonproliferation policy analyst that researches topics relating to counterproliferation financing, export controls, and international nuclear safeguards, and he develops and conducts international nonproliferation training programs.
Daniel Jackson is a nonproliferation policy specialist that conducts research and develops novel trainings to strengthen foreign government partners’ ability to prevent and combat the proliferation of weapons of mass destruction.
Ellen Wynkoop is a nonproliferation policy specialist and conducts research and develops novel and interactive curriculum for U.S. government sponsors that assists foreign governments effectively prevent and combat the proliferation of weapons of mass destruction.
Pete Heine is a senior advisor in global security technology and policy, and a strategic trade control enforcement national expert seconded to the World Customs Organization. He works to advance trade data analysis strategies for identifying high-risk shipments, and he develops and conducts international nonproliferation training programs.
Tyler Hoffman is a national security specialist who directs training and research programs regarding strategic trade controls.
Bri Mostoller is a cyber security analyst with a background in international relations, Russian area studies, network defense and incident response.
Image: Pixabay (Michael Wuensch)