How North Korea Cashes Out Stolen Cryptocurrency to Fiat

Selene Marwood / Nov, 19 2025 / Cryptocurrency

Key Findings from the Article

  • North Korea has stolen over $3 billion in crypto since 2017, converting $2.1 billion to fiat
  • In the Bybit hack, 87% of stolen Ethereum was converted to Bitcoin within 72 hours
  • North Korea uses 400-500 small daily transactions to avoid detection
  • Success rate in converting crypto to fiat within 90 days jumped from 65% to 92%

North Korea doesn’t need to rob banks. It hacks crypto exchanges instead. And it’s getting better at it every year.

In February 2025, hackers linked to the North Korean regime stole $1.5 billion from Bybit - the largest single cryptocurrency heist in history. The money didn’t vanish. It didn’t disappear into the blockchain. It turned into cash. Real, spendable, untraceable cash. And that’s the real problem.

This isn’t a one-off. Since 2017, North Korean state-backed hackers have stolen over $3 billion in crypto. They’ve turned $2.1 billion of it into fiat currency. That money buys missiles, submarines, and nuclear warheads. It funds a regime under some of the strictest sanctions in the world. And they’re doing it by turning crypto’s biggest strengths - speed, anonymity, and global access - into weapons against global finance.

The Four-Step Cash-Out Machine

North Korea doesn’t just withdraw stolen crypto to a bank. That’s too easy. Too traceable. Instead, they run a four-stage laundering operation that looks like a well-oiled military campaign.

Stage 1: The Heist - Most attacks start with phishing, fake software updates, or compromised developer accounts. In the 2023 Atomic Wallet hack, hackers slipped malware into a popular wallet app. Once installed, it stole private keys from 4,100 users. No brute force. No cracking. Just social engineering. It’s cheaper, faster, and harder to stop.

Stage 2: Cross-Chain Chaos - Right after the theft, the stolen assets get moved across multiple blockchains. Ethereum? Done. Now it’s on Binance Smart Chain. Then Solana. Then Avalanche. Each transfer adds layers of confusion. Between 2021 and 2025, North Korean-linked groups moved over $1.2 billion through cross-chain bridges like Ren Bridge and Avalanche Bridge. These bridges let users swap assets between networks - but they’re poorly regulated. That’s the loophole.

Stage 3: The Bitcoin Pivot - Over 80% of stolen crypto ends up as Bitcoin. Why? Because Bitcoin is the most liquid, the most accepted, and the hardest to trace at scale. Once assets are converted to BTC, they’re easier to move through over-the-counter (OTC) desks and crypto ATMs without triggering alerts. In the Bybit hack, 87% of the stolen Ethereum was turned into Bitcoin within 72 hours. Speed matters. The faster they convert, the less time analysts have to freeze accounts.

Stage 4: The Fiat Flip - This is where it gets real. Bitcoin doesn’t pay for missiles. Dollars do. So the final step is converting Bitcoin into cash. And for that, North Korea relies on a handful of weak spots in the global financial system.

Cambodia: The Cash-Out Capital

If you want to turn crypto into cash without questions, go to Cambodia.

Since 2021, the U.S. Treasury has identified Cambodia’s Huione Group as the primary laundering hub for North Korean crypto. Huione operates under the guise of a legitimate financial services company. But its subsidiaries - Huione Guarantee and Huione Crypto - are fronts. They issue non-freezable stablecoins that look like real money but can’t be blocked by sanctions. These stablecoins are then traded for cash in Sihanoukville, where North Korea runs at least 14 crypto cafes.

These cafes don’t need IDs. They don’t ask questions. They take Bitcoin, give you cash. One cafe processes up to $2 million a month. And they’re not alone. Macau’s casinos accept crypto deposits with only 5% KYC checks - compared to 95% in regulated markets. That’s a 19x difference. North Korea exploits that gap.

The Human Network: IT Workers as Money Mules

North Korea doesn’t just rely on tech. It relies on people.

Thousands of North Korean IT workers are stationed in China, Russia, and Southeast Asia. They don’t work as hackers. They work as software engineers, customer support reps, and blockchain developers - at real companies. They use fake Vietnamese, Indian, or U.S. identities. Their job? Build backdoors.

According to CSIS, 27 cases in 2024 showed North Korean employees at Chinese exchanges setting up direct wallet-to-bank transfers with only 12-hour notice before funds left the system. Standard fraud detection takes 72 hours. That’s a 48-hour window to move millions before anyone notices.

Some work as freelancers. They sign up for crypto payment gigs on platforms like Upwork or Fiverr. They complete fake projects. Then they cash out the crypto through local exchanges with no ID checks. They’re not stealing - they’re being paid. And the money? It flows back to Pyongyang.

Why Tornado Cash Died - And What Replaced It

Five years ago, North Korea used Tornado Cash to mix stolen crypto. It was the go-to tool. Until the U.S. sanctioned it in August 2022. The tool froze. The funds were blocked. And North Korea had to adapt.

They didn’t build a better mixer. They built a faster system.

Now, they use what experts call “flood the zone.” Instead of one big messy transaction, they run 400-500 small, high-frequency transfers every day. Each one is under $10,000 - the reporting threshold in most countries. No single transaction looks suspicious. But together, they move hundreds of millions.

They’ve also shifted to decentralized finance (DeFi) protocols. By swapping stolen ETH for USDC on Uniswap, then moving it to a regional exchange that doesn’t ask for ID, they turn crypto into cash without ever touching a centralized exchange. It’s not perfect. But it’s working.
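The "flood the zone" pattern described above only shows up in aggregate, so a monitoring rule has to count sub-threshold transfers per source over a rolling window rather than judge each transfer alone. The sketch below is an added example, not code from the article or from any analytics vendor; the cluster labels, the 24-hour window and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

REPORT_THRESHOLD_USD = 10_000   # per-transaction reporting threshold cited in the article
WINDOW = timedelta(hours=24)    # assumption: rolling one-day window
MIN_COUNT = 400                 # article's lower bound for daily transfer count

def find_structuring(transfers, min_count=MIN_COUNT, window=WINDOW):
    """Return {cluster: (peak_count, total_usd_at_peak)} for clusters whose
    sub-threshold transfers reach min_count inside any rolling window.

    transfers: iterable of (timestamp, cluster_id, amount_usd); cluster_id is a
    hypothetical label for addresses an analyst has already grouped together.
    """
    recent = defaultdict(deque)   # cluster -> (ts, amount) pairs still in the window
    totals = defaultdict(float)   # cluster -> running sum of that deque
    flagged = {}
    for ts, cluster, amount in sorted(transfers):
        if amount >= REPORT_THRESHOLD_USD:
            continue              # reportable on its own, not part of this pattern
        q = recent[cluster]
        q.append((ts, amount))
        totals[cluster] += amount
        while ts - q[0][0] > window:          # expire transfers older than the window
            totals[cluster] -= q.popleft()[1]
        if len(q) >= min_count and len(q) > flagged.get(cluster, (0, 0.0))[0]:
            flagged[cluster] = (len(q), round(totals[cluster], 2))
    return flagged

def constructed_sample():
    """Constructed data: cluster-A sends 450 transfers of $9,500 over about
    18 hours; cluster-B sends 12 small payments and one large reportable one."""
    start = datetime(2025, 1, 1)
    noisy = [(start + timedelta(minutes=2.4 * i), "cluster-A", 9_500.0) for i in range(450)]
    quiet = [(start + timedelta(hours=2 * i), "cluster-B", 120.0) for i in range(12)]
    big = [(start, "cluster-B", 25_000.0)]
    return noisy + quiet + big

if __name__ == "__main__":
    for cluster, (count, total) in find_structuring(constructed_sample()).items():
        print(f"{cluster}: {count} sub-threshold transfers, ${total:,.2f} within 24h")
```

In the constructed sample no single transfer crosses the reporting threshold, yet the flagged cluster moves several million dollars in under a day, which is the signal a per-transaction rule misses.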

The Crackdown - And Why It’s Not Enough

The world knows what’s happening. The U.S., EU, and UN have slapped sanctions on dozens of wallets, exchanges, and individuals linked to North Korea. The Crypto-Asset Reporting Framework now forces exchanges in over 100 countries to share customer data. In Q1 2025, North Korea’s cash-out success rate dropped 22% compared to the last quarter of 2024.

But here’s the catch: their speed has increased by 65% since 2022. Their success rate in converting crypto to fiat within 90 days jumped from 65% to 92%. They’re adapting faster than regulators can react.

Chainalysis CEO Michael Gronager told Congress in April 2025: “We’re tracking more activity than ever - but we’re catching less.”

Why? Because the tools they’re using now - cross-chain bridges, DeFi protocols, fake IT workers - aren’t controlled by any single government. They’re global. Decentralized. And legal in many places.

The Future: Stablecoin Arbitrage and Custom Protocols

North Korea isn’t slowing down. It’s upgrading.

According to a March 2025 CSIS report, the regime is testing “stablecoin arbitrage laundering.” Here’s how it works: steal ETH → convert to USDC on a decentralized exchange → send it to a low-regulation exchange in Southeast Asia → sell USDC for local currency at a premium → profit. The price difference between markets is small, but when you’re moving $50 million, it adds up.

They’ve also recruited 37 blockchain developers from failed crypto startups to build custom cross-chain protocols. These aren’t public tools. They’re private, encrypted, and designed to hide transaction trails. One prototype could process $500 million without leaving a trace.

But the clock is ticking. Treasury Secretary Janet Yellen said in May 2025 that North Korea’s cash-out success rate could drop to 40% by 2027 - if global cooperation holds.

That’s a big “if.”

What’s Next?

North Korea’s crypto cash-out system is a perfect storm of tech, geography, and human deception. It’s not going away. It’s evolving.

Right now, the best defense is speed, coordination, and closing the weakest links: unregulated exchanges, fake identities, and cash-heavy crypto cafes. But as long as there’s a country that doesn’t ask for ID, or a developer willing to lie about where they’re from, North Korea will keep turning stolen crypto into weapons.

The question isn’t whether they can do it. They already are.

The question is: how long will the world let them?

How does North Korea turn stolen crypto into cash?

North Korea uses a four-step process: first, they steal crypto through phishing or supply chain attacks. Then, they move it across multiple blockchains to hide its origin. Next, they convert it to Bitcoin for better liquidity. Finally, they cash out through unregulated crypto cafes in Cambodia, Chinese bank networks, or Southeast Asian casinos that don’t require ID checks.

Why is Bitcoin the preferred currency for laundering?

Bitcoin is the most liquid cryptocurrency globally. It’s accepted by almost every OTC desk, crypto ATM, and exchange - even in places with weak regulations. Its network is large enough to absorb massive transfers without price slippage, making it ideal for moving hundreds of millions without drawing attention.

What role does Cambodia play in North Korea’s crypto laundering?

Cambodia, especially the city of Sihanoukville, hosts at least 14 North Korea-controlled crypto cafes that convert Bitcoin to cash with no ID required. The Huione Group, linked to North Korean officials, issues non-freezable stablecoins and acts as a financial bridge between crypto theft and physical cash. U.S. authorities have officially designated Huione as a major money laundering concern.

How do North Korean IT workers help launder crypto?

Thousands of North Korean IT workers are embedded in tech firms across China, Russia, and Southeast Asia. Using fake identities, they gain access to exchange systems and create backdoors that allow instant transfers from crypto wallets to bank accounts - bypassing 72-hour fraud detection windows. Many work as freelancers, getting paid in crypto and then cashing out through local, low-KYC exchanges.

Why did Tornado Cash stop working for North Korea?

Tornado Cash was sanctioned by the U.S. Treasury in August 2022 after processing over $1.2 billion in stolen crypto, much of it linked to North Korea. Once sanctioned, any transaction involving Tornado Cash was flagged and frozen. North Korea shifted to faster, decentralized methods like cross-chain bridges and high-frequency small transactions to avoid detection.

Can blockchain analysis stop North Korea’s crypto laundering?

Blockchain analysis has improved by 40% since 2022, but North Korea’s adaptation speed has increased by 65%. They now use 400-500 small daily transactions, DeFi protocols, and custom cross-chain tools that evade traditional tracking. While analysts can spot patterns, they can’t always freeze funds fast enough - especially when cash-out happens in places with no regulatory oversight.

What’s the biggest vulnerability in North Korea’s cash-out system?

The biggest vulnerability is the final fiat conversion point. Only 3-5% of global exchanges allow large withdrawals without KYC. That’s why North Korea is building its own infrastructure - crypto cafes in Cambodia, fake financial firms in China - to bypass regulated systems entirely. Shutting down these physical hubs would cripple their ability to turn crypto into weapons.

Is North Korea’s crypto laundering getting easier or harder?

It’s getting harder to move money through regulated exchanges, but easier to convert it into cash through unregulated channels. Their success rate in turning stolen crypto into usable fiat has risen from 65% in 2020 to 92% in 2025. The challenge isn’t stealing - it’s cashing out. And they’ve mastered that.

11 Comments

  • Dexter Guarujá

    November 20, 2025 AT 19:21
    This is why we need to nuke the entire crypto industry. It's a lawless wild west that lets rogue states fund nukes with just a few clicks. We're letting terrorists turn digital bits into missile fuel, and nobody's doing anything real. Sanctions? Please. They're just suggestions to these guys. Time to shut down every decentralized exchange and force KYC on every wallet. No more excuses.
  • Jennifer Corley

    November 22, 2025 AT 12:21
    The real issue isn't North Korea - it's that the U.S. government has spent $200 billion on intelligence and still can't track $1.5 billion in crypto. We're not fighting hackers. We're fighting our own bureaucratic inertia. And don't even get me started on how many of these 'unregulated' exchanges are owned by U.S. investors in offshore shells.
  • Natalie Reichstein

    November 23, 2025 AT 08:38
    You think this is bad? Wait until the next time a rogue state figures out how to mint its own stablecoin backed by stolen Bitcoin. Then they'll have a currency no one can freeze, no one can trace, and no one can stop. And when that happens, the dollar won't be the reserve currency anymore - it'll be the punchline. We're already living in the future, and we're not ready.
  • Kaitlyn Boone

    November 24, 2025 AT 22:07
    so like... the whole thing is just people using crypto like cash but with no id? that's wild. i mean, if you can walk into a cafe in cambodia and get 2 mil in cash for btc... why even have banks anymore? it's not even crime anymore. it's just... business.
  • Kris Young

    November 26, 2025 AT 06:16
    I agree with the analysis. The four-step process is clear: steal, move, convert, cash. But we're missing the point: the real vulnerability is the human element. IT workers with fake IDs are the weak link. If we targeted their identities, their families, their digital footprints - instead of just freezing wallets - we could break this system faster.
  • LaTanya Orr

    November 27, 2025 AT 21:19
    It's not about the technology. It's about the human choice to look away. We built a system that rewards anonymity, then acted shocked when bad actors used it. We wanted decentralization, so we got chaos. We wanted innovation, so we got exploitation. The blockchain didn't betray us. We betrayed our own values by refusing to set boundaries.
  • Ashley Finlert

    November 28, 2025 AT 11:22
    The elegance of this operation is chilling. It is not merely criminal - it is systemic. North Korea has turned the very architecture of global finance - its gaps, its greed, its negligence - into a symphony of subversion. The crypto cafes of Sihanoukville are not hideouts; they are cathedrals of capital, where digital ghosts are baptized into physical power. And we, the architects of this world, stand outside, applauding the architecture while the altar burns.
  • Chris Popovec

    November 29, 2025 AT 13:27
    Let me tell you what they're not telling you: Tornado Cash wasn't shut down because it was dangerous. It was shut down because it was too effective. The real mixer is a private, encrypted protocol built by ex-Chainalysis devs who got tired of working for the NSA. That's why they're moving $500M without a trace. The government's own people built the backdoor. And now they're pretending they didn't.
  • Marilyn Manriquez

    November 30, 2025 AT 22:02
    We must remember that behind every transaction, there is a person. A child in Pyongyang who will never see the ocean. A mother in Sihanoukville who sells coffee to fund weapons. This is not abstract. This is human suffering disguised as geopolitics. We cannot solve this with technology alone. We must act with moral courage.
  • taliyah trice

    December 2, 2025 AT 17:50
    so they just take crypto and get cash? that's it? no magic? no hacking? just... go to cambodia and trade?
  • Charan Kumar

    December 4, 2025 AT 07:57
    in india we have similar problem with hawala networks for drug money but crypto is faster and global now. no need for human couriers anymore. just one code and money moves across continents. this is next level. governments need to think beyond borders now or they will keep losing
