The U.S. Department of Justice (DOJ) announced yesterday that U.S. citizen Virgil Griffith has pled guilty to providing technical advice to North Korea on using cryptocurrency and blockchain technology to evade sanctions. Griffith is scheduled to be sentenced in January 2022, could serve up to two decades in prison. While a victory for U.S. law enforcement, this highlights the grim reality that despite the dangers of North Korean nuclear proliferation, even U.S. citizens are susceptible to enticement from Pyongyang.
A former senior researcher and developer for Ethereum Foundation, Griffith was an ideal candidate for helping North Korea achieve its blockchain ambitions as its cyber-enabled sanctions evasion schemes could benefit from his knowledge in cryptocurrency and blockchain technology. According to U.S. government records, Griffith traveled to North Korea in April 2019 to attend and present at the Pyongyang Blockchain and Cryptocurrency Conference where he worked with “others” to provide cryptocurrency services aimed at assisting North Korea in evading sanctions. Griffith pursued plans to facilitate cryptocurrency exchanges between North and South Korea while attempting to recruit other U.S. citizens and liaise deals with cryptocurrency and blockchain service providers on behalf of Pyongyang. These actions directly violated U.S. law as the U.S. State Department denied Griffith permission to travel to North Korea and he did not obtain a license from Office of Foreign Assets Control (OFAC) to provide goods, services, or technology to North Korea.
Although the DOJ indictment does not identify the alleged “others” listed in its announcement, Pyongyang has a well-documented history of using foreign agents, mostly from China, to assist in evading economic sanctions aimed at limiting the advancement of its illicit nuclear weapons development program.
However, Griffith was not the only U.S. citizen who pled guilty to charges related to North Korea this month. A U.S.-Canadian dual citizen, Ghaleb Alaumary, was recently sentenced to 140 months in federal prison for conspiring to launder tens of millions of dollars stolen in online banking theft on behalf of North Korean cyber criminals. Similar to Alaumary, Griffith likely decided to plead guilty due to overwhelming evidence providing his understanding of the illegality of his actions, but the unspecified “others” in the DOJ announcement could signify his collaboration with the U.S. government in identifying his co-conspirators and facilitators.
Given North Korea’s previous success in utilizing blockchain technology to evade sanctions prior to his trip to Pyongyang, some may suggest that Griffith could not have provided any new information to the country’s accomplished cybercriminals. Whether true or not, that fails to address security concerns surrounding the recruitment of fellow U.S. citizens to assist sanctions evasions schemes and serve as brokers between Pyongyang and cryptocurrency exchanges. As North Korea is politically and financially isolated from the rest of the world, foreign agents acting as over-the-counter (OTC) brokers grant Pyongyang the ability to engage with industries and entities otherwise unreachable under U.S. and United Nations sanctions.
The case is being handled by two subdivisions of the DOJ, the Office of Terrorism and International Narcotics Unit and the Counterintelligence and Export Control Section, which signifies the broad security implications behind North Korea acquiring enhanced capabilities to evade sanctions using financial technology. This follows a growing global trend among democratic nations of regulating financial activity conducted through cryptocurrency exchanges, after the United States issued its first ever sanction on a Russian cryptocurrency exchange for facilitating transactions related to ransomware payments and South Korea imposed strict regulatory guidelines on virtual asset service providers earlier this month.
The case of Virgil Griffith highlights an important issue for policymakers, as non-compliance with sanctions on North Korea is often thought to occur mainly in jurisdictions with low enforcement capabilities, such as Southeast Asia, or a lack of will to comply, as seen in China or Russia. But now it is clear that even U.S. citizens are not exempt from North Korean enticement.