The US Treasury has identified decentralized finance (DeFi) as a threat to national security, claiming that North Korea uses it to launder its cyber-enabled heists and fund its weapons of mass destruction program.

In a report titled “Illicit Finance Risk Assessment of Decentralized Finance,” the federal agency claimed North Korea is abusing DeFi services to funnel cash into its program to develop weapons of mass destruction (WMD).

The report alleged that North Korean scammers have been using the DeFi ecosystem to launder dirty money, and the lack of clear regulations around the sector has given criminals the opportunity to conduct illegal activities.

More specifically, the non-compliance of some DeFi platforms with certain Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) regulations has allowed North Korean hackers and other groups to launder stolen crypto funds.

“The assessment finds that illicit actors, including ransomware cybercriminals, thieves, scammers, and Democratic People’s Republic of Korea (DPRK) cyber actors, are using DeFi services in the process of transferring and laundering their illicit proceeds.”

The 40-page report also noted that DeFi projects do not implement measures to identify customers, and the anonymity they offer makes it difficult for law enforcement to identify and track illicit activities.

The Treasury suggested that regulatory agencies increase their oversight of AML/CFT for DeFi platforms and address regulatory gaps.

North Korea Uses DeFi to Fund Its Missile Program

The Treasury report mentioned that North Korea uses the proceeds from its DeFi thefts to support its nuclear and missile programs, adding that the country is using regulatory loopholes in the industry to evade sanctions.

“The U.S. government has observed DPRK cyber actors targeting organizations in the virtual asset industry, including DeFi services,” the report said.

As reported, authorities from the US have confirmed that the North Korean hacking group known as the Lazarus Group, in collaboration with APT38, was responsible for the $625 million hack of Axie Infinity’s Ronin blockchain.

In another report earlier this year, the White House said that North Korean hackers had stolen more than $1 billion worth of crypto in the past two years, adding that Pyongyang has used the funds to support its missile program.

“In addition to heists, DPRK-linked actors are involved in other illicit activity related to virtual assets, including ransomware attacks and the use of virtual asset applications modified to include malware to facilitate the theft of virtual assets,” the Treasury said.

Notably, the latest report is in line with President Biden’s executive order on digital assets, which was signed in March last year and tasked various federal agencies to draft a host of reports, frameworks, and action plans to evaluate the various perceived challenges and opportunities presented by digital assets.

UN: North Korea Uses Sophisticated Cyber Techniques

North Korea uses sophisticated cyber techniques to commit crypto crimes and gain access to digital networks, according to a recent UN report by a panel tracking the implementation of sanctions against Pyongyang.

“The country used increasingly sophisticated cybertechniques both to gain access to digital networks involved in cyberfinance and to steal information of potential value, including to its weapons programs,” the panel said.

Last week, Google-owned cybersecurity firm Mandiant revealed that Pyongyang-based hacking group APT43, also known as Kimuski, buys cloud mining services with its stolen funds to produce clean crypto with no blockchain-based connections for law enforcement to trace.

Meanwhile, impersonating venture capitalists looking to invest in crypto startups and fake job opportunities at prestigious firms or fictitious salary increases are some known phishing methods used by North Korean hackers.

