Since at least 2014, North Korea has shown increasing cybercrime expertise and interest, more recently expanding into VAs. Throughout 2020 and 2021, the US Department of Justice indicted a series of individuals for laundering VAs on behalf of North Korea. Yet, while most North Korean VA activity involves large-scale hacks, such as the $49 million 2019 Upbit hack or the $275 million stolen from KuCoin in 2020, the regime has also shown interest in ransomware attacks and VA mining. Overall, North Korea is highly advanced in the cybercrime realm and seems increasingly interested in applying these skills to cryptocurrency activities. Similarly, although not the core focus of this guidance paper, Iran has reportedly begun to use VA mining to evade sanctions and export oil, with a huge share of global VA mining taking place in the country. With global compliance and regulation lacking in many jurisdictions, VASPs can present an easy target for these actors.
Counterproliferation Financing for Virtual Asset Service Providers | Royal United Services Institute (rusi.org)