Welcome to Analyse Asia, the premier podcast dedicated to dissecting the pulse of business, technology and media in Asia. I'm Bernard Leong, and the recent Bybit hack by the Lazarus Group has shaken the entire crypto market. How is the crypto industry reeling from this fallout? With me today, Andrew Fierman, Head of National Security Intelligence at Chainalysis, to share with us on the fallout and also the key takeaways from their recent sanctions report from Chainalysis 2025. So, Andrew, welcome. Thanks for having me. Yes. And first of all, I always want to know my guest's background. So I want to always start with your origin story. How did you start your career?
So I've been in financial crimes compliance for about a decade prior to joining Chainalysis. So it started doing know your customer at JPMorgan Chase. I got more into anti-money laundering, sanctions, and really found a unique interest in sanctions and geopolitics, especially around understanding how illicit actors were facilitating sanctions evasion through financial institutions. Ultimately, what I realized is
Most people who are on a sanctions list aren't typically going to walk into a U.S. bank or into a bank to bring U.S. dollars directly. So my question was always, how are they going about doing that?
With that, I have studied everything from how terrorist organizations use charities to how North Korea uses shell companies or evades, use evasive tactics in the shipping industry to how Russia and Iran have done it historically. So I've really always tried to focus on that aspect of evasive techniques utilized by nation states and those who are otherwise subject to sanctions.
That being said, after taking on the role as head of sanctions at Barclays, I decided to come over to Chainalysis where I got to focus on this entire new landscape and figuring out how these actors
and how everything that they do traditionally in traditional finance applies to the blockchain and have been here for a little bit over three years now. This is very interesting because you transition from a traditional banking institution to the dynamic world of blockchain analytics now at Chainalysis, right? What are the key differences and learning experiences that help you to make that transition? Specifically, even though the tactics might look the same, but actually it's a different context in a different setting.
Yeah, it was a lot of studying of new terminology and understanding how the blockchain operates, more generally speaking. But actually being fully honest, after spending a little bit of time at Chainalysis doing some of the introductory courses that companies like Chainalysis offer, made me realize pretty quickly that a lot of the concepts when you're tracing money translates
pretty quickly. Knowing how Bitcoin versus Ethereum gets laundered, certainly a little bit different than what you're going to see in following US dollars. But the concept of shell companies now becomes hops or unknown intermediaries. And utilizing different jurisdictions still is a very typical typology that you see. And so I think a lot of it translated pretty clearly for me early on.
How about things like, say, crypto Twitter, for example? I think there are some of these Twitter accounts that actually go out and do sleuthing and checking through which wallets have just made tons of transfers or that. Does that actually increase your surface area of monitoring or does it actually helps you to even make it so different as compared, say, when you're in a traditional institution? There's no financial Twitter to know, you know, who is sending how much cash across
the blockchain in the past in a bank, traditional banking institution. You've definitely touched on a really unique aspect of the transparency of the blockchain, right? When it comes to financial institutions, the SWIFT system and the SWIFT messages that belong to transactions at your financial institution only belong to your financial institution. So it's not sitting out on a block explorer. It's definitely not sitting out on crypto Twitter for everyone to look at, analyze and assess.
That being said, I think it's really interesting and sometimes quite impressive following how quickly those...
on social media platforms like Twitter are coming to help, coming to pitch in, especially in instances like what we'll be talking about today with Bybit. But I think one of the really fascinating and unique angles that I get to see it from is being at Chainalysis where our entire role and responsibility in the ecosystem is to map the entire ecosystem
We get to really visualize start points and end points in the way that money moves overall. And so I think it adds a layer of context that maybe crypto Twitter doesn't get. So I'm not going to say we're as privatized of a focus as, say, a financial institution does. But certainly we have a little bit more context to play with when we're doing our investigations at Chainalysis.
Being a crypto investor for a very long time, so I've been following Chainalysis. So just one question before we get to the main subject of the day. What are the lessons from your career journey that you can share with my audience? I think it's just always being open to new challenges and not just following the processes and procedures, but pushing your level of understanding to new areas and new capacities, I think.
The blockchain ecosystem is here to stay. I see people who have been in the compliance industry through my past and finally trying to catch up and wanting to get into crypto. But, you know, it's crypto, it's AI, it's emerging technology, more broadly speaking, and diving in and being willing to learn these new things doesn't just help
better your career opportunities, but it also helps you be better at being able to help fight against the crime you're trying to investigate. So I get to the main subject of the day. We talk about the Bybit hack, the Lazarus Group, and then also the sanctions report from the Chainalysis 2025 report. So I think first, let's start off with the recent Bybit hack. I think the theft is
approximately $1.5 billion in cryptocurrency, and I think most of it has been laundered off, allegedly, on THORChain and reportedly orchestrated by, of course, North Korea's Lazarus Group. Just from your professional standpoint, can you walk us through the tactics and methods that are actually employed in this breach? And how do they align with, say, previous patterns that are observed from, say, state-sponsored actors similar to them?
So in this specific incident, the exploit occurred through an impact on a third-party vendor, Safe Wallet, that was being utilized by Bybit, which ultimately made it look on the surface like a transfer from a cold storage wallet to a warm wallet was being finished. And it ended up that the funds got exploited out to a wallet controlled by North Korea without the awareness of those doing the signing on the Bybit side.
That being said, this is obviously a unique method using the third party vendor as the access point for the exploit. But North Korea and the Lazarus Group have always used varying forms of social engineering in order to gain access to whoever they're looking to exploit. So whether it's sending a phishing email or to apply malware, getting in the back door through Facebook,
IT, remote employees, whatever it might be, the techniques are always evolving. And I think this is just a trend that you see with North Korea for decades. They are a nation that is heavily sanctioned. They don't have a lot of value in exports anymore.
They don't have a lot of international trade partners. So their real way of making money has always come through unique ways of evading sanctions. And so exploiting the crypto and Web3 ecosystem is just the newest of those techniques. And they're going to continue to get more advanced and more technically creative in the way that they do it. Every time one of these hacks occurs,
the industry has a game plan, a blueprint to improve their security measures, right? However, as they improve their security measures,
North Korea and the Lazarus Group will look to find a different way. And I think some of it is just a matter of a pure volume play. If you have tens of thousands or hundreds of thousands of employees and you send out a bunch of emails and maybe it's bonus season and you get an email saying, here's your information on your bonus, click here.
somebody in a company is probably going to be really excited about seeing how much money they're about to make this year and click on the link. And then it's too late already. So I think coming back to your question,
Yes, there was a bit of a unique angle in that they exploited a third party vendor that then provided that access to Bybit in this case, rather than having an exploit directly through Bybit themselves. But the aspect of how they got there via social engineering is standard, but obviously different.
ever growing in the capability and creativity and the way that they're going about it. I thought it was quite interesting that the way how they did the hack was that they put in a software that made the user think that it was actually safe. And of course, there's also the concentration risk of the wallet of
putting so much money into one wallet, which is not a typical practice as well. And they actually have to time machine back, as in look at the software on the laptop to work out that actually there was some software and actually the software was deleted the next day, which is what makes this hack so sophisticated. So we know the Lazarus Group has been implicated in high profile cryptocurrency thefts, right? Can you shed light on their typical operational methods and how have they actually evolved over time
from your point of view? So when we're talking about the social engineering side of it, just like you mentioned, they're getting more creative in their technical points of access. When it comes to the on-chain aspect, North Korea, from a nation state, from an illicit actor perspective, is by far the most technologically and technically advanced in the way that they operate.
That being said, they absolutely use a very consistent fingerprint in the way that they facilitate laundering of funds. And we've seen this happen time and time again from different exploits on chain where Lazarus Group gets the exploit to a single wallet.
They then break down funds from that wallet to a handful of wallets, usually a few dozen of them, and then start bridging using DeFi protocols, using no KYC instant swap services to get it off of the native token of Ethereum and into Bitcoin, where they can start chopping it up further and send through mixers and further obfuscate where the funds are going. So
While it's complicated, hope is not all lost. And I think one thing that's important to note is that the $1.5 billion was stolen. And I know there's been some wording out there talking about how it's been laundered. It's just that the laundering process has begun. As of just a few days ago, our numbers indicate that over 90% of the funds from the Lazarus Group hack are still sitting on the blockchain.
So for the 10% that's no longer on the blockchain, that comes in a few forms, one of which being seizures and disruptions, like we saw with Mantle, $43 million of it was seized very quickly after the start of the hack. And then you have a combination of lost funds and fees, as well as small portions that have been off-ramped. So all said and done, while $1.5 billion was stolen and
It's certainly on the move. I think we have over 4,000 Bitcoin wallets holding balances that we're currently tracking. It doesn't mean that the money has all been laundered. And with stronger compliance in the ecosystem right now than ever before and stronger regulation, compliance teams at mainstream exchanges are more reactive and more ready and readily available to seize and disrupt funds if funds do come to their service and platform. And
I think when you're talking about $1.5 billion, it's not like you can just bring that to your corner store to launder it to cash. Yes, it's definitely a difficult process to offer. So you talk about the...
your observation on the things that how they do the, how difficult it's going to launder the stolen funds. I guess the question now is from the sanctions point of view, what evolving tactics are you, would you observe to see in their laundering process are going to change or maybe how effective actually are current enforcement measures in actually countering their strategies? It's a great question. I think in reality, what we're looking at is
by far the largest hack ever, right? Before this, it was $611 million. Now we're talking about $1.5 billion. So the scale and the volume at which they're laundering, we're not talking about somebody, a single person sitting in a room, pressing a button to move funds from wallet to wallet. This is a very coordinated, meticulously done effort.
And I think concepts like using AI bots and using timed transactions are absolutely playing a more persistent role or are likely playing a persistent role this time around. If you're talking about laundering $20 million, there's only so much you can do with it before you lose more of it to fees than it's worth laundering. And so, you know, that kind of process happens
often more quickly, less total number of wallets. But when you're talking about $1.5 billion, it's simply going to be a waiting game for North Korea. So while the bounty program was set up, and while Chainalysis, every other blockchain analytics firm, every public sector government in the world, and crypto Twitter, and many others, I'm sure, are tracking in real time,
The goal here isn't just to break it up and launder it and move it through as quickly as possible. Part of it is going to be a waiting game and sitting on those funds for weeks, months, years, waiting until the news cycle kind of cools down. People go back to focusing on other things going on in their lives. And then they hope then they'll pick up the pace again and continue to attempt to launder those funds. So that being said, I think.
Like I mentioned before, with the development of compliance programs in the international global crypto exchange ecosystem,
along with the levels of awareness, the levels of capability of both government, public sector, law enforcement agencies, as well as blockchain analytics firms. And then adding on, and not joking about it, adding on crypto Twitter and those sleuths that are out there doing really great work. You have a whole host of people who are here
attempting to take any opportunity to disrupt any single dollar that has an opportunity to be disrupted. And because the blockchain is this real world living real time, borderless, 24 hour a day
function, so too has the industry that sits around it. I think that's a really unique aspect that we're thinking that a lot of people don't think about when you're talking about the SWIFT system, talking about something that's open from 8am to 6pm Eastern Standard Time, five days a week. If you haven't laundered your money by six o'clock and everyone's gone home for the weekend, got to wait till Monday morning. But certainly Lazarus Group
knows that's not the case here. And I was sitting in my living room at around 1030 a.m. when I found out that this happened. And it happened on a Friday. And Bybit is headquartered in Dubai. So if we're doing math, we're thinking about
roughly 7.30pm on a Friday night, people have gone home for the weekend, and getting a team up and running, that's going to be operating around the clock to monitor this, that timing wasn't coincidental for North Korea. So I know I kind of touched on a lot of points there. But I think there's, there's this timing aspect, there is this meticulous,
wide scale, widespread effort to launder money. You've seen the spider web graphs that blockchain analytic companies have all over the place. This is just the truth of what an investigator has to be watching and monitoring in real time at any given point in time, 24 hours a day, seven days a week. And I think this 24/7
element actually also makes it very challenging and exciting for people who are trying to work out exactly what is happening in such a short span of time. So I think we switch gears a bit. Considering the decentralized nature of cryptocurrencies, right? What role does, say, blockchain analytics and international cooperation play in, say,
identifying and mitigating risk posed by this kind of state-sponsored cybercriminal groups like Lazarus Group, for example? Listen, tracing through bridges and DeFi protocols is, as you saw, something that can be done by most anyone out there who has some investigative capabilities in this ecosystem. I think the real focus is still always going to be
on that point of transferring crypto to fiat. And so as much as the rails in which they offboard and off ramp become more challenging to get to, I think the industry is doing a better job. And like, not to say that we want to sit here and watch them try to launder this until they have zero dollars left because they've spent it all in fees trying to launder it.
But I think there is some value in the fact that it's just going to take significantly more of an effort by North Korea to get to the point of cash out. I think the days are gone where you could try to sneak
$500,000 or a million dollars out of a mainstream exchange in 2025. And while crypto is 24-7, certainly fiat transfers are still not. And so if you are looking to cash out an exchange, yeah, you can go try to cash out at that exchange quickly and execute your request to wire the proceeds out to your
But there's still got to be a 24, 48, 72 hour hold before those funds actually leave the exchange. And so I think there's this ever present opportunity to disrupt. And because all of these exchanges have real time, 24 hour incident response teams, they
The blockchain analytics community, we have our global services and global intelligence teams that are 24-7 working on this as well. And law enforcement's doing the same. There is this ever-present opportunity to seize and disrupt. And we announced, I think, pretty early on as well that alongside Tether, we seized $100,000. And while $100,000 out of $1.5 billion doesn't feel like much,
If you're doing that every few days, you're taking money away from them pretty quickly. And that's going to add up ultimately. So what is the one thing you know that very few people do in the realm of, say, cryptocurrency and this kind of national security intelligence when dealing with people who is trying to, dealing with groups that are sanctioned? That's a great question. The thing that's most fascinating, we talk a lot about
how complex North Korea is here. But when you compare it to some of the other illicit groups, particularly those that are sanctioned, say your terrorist organization that's soliciting donations on Telegram or some other social media outlet, understanding what that difference in the level of complexity is, I think is really fascinating to actually know about. When we're talking about DPRK, we're talking about
laundering of funds through tens of thousands. By the time we're done, it'll be hundreds of thousands of wallets. And then on the other end of it, we have a terrorist organization that was sanctioned mid last year for facilitating on behalf of Hamas. And after they got sanctioned and their addresses that they were using got seized and disrupted, they got annoyed and they tried to bridge
funds with their new Ethereum wallet after they received a few donations and they didn't even have the gas fees to facilitate it and the transaction. It's like when we're talking about the difference in the level of complexity here, it is really fascinating to know the nuance
And it's not to say that other nation states like Russia or Iran don't have any level of complexity. They certainly do. We've seen Iran and the Iranian Revolutionary Guard Corps launder money fairly effectively at scales of hundreds of millions of dollars. So this is certainly not something that others aren't doing, but it is really
fascinating to see the unique differences between different sanctioned actors and the way that they utilize cryptocurrency today. Yeah, I think it would be a joke if they don't have enough to actually make the transaction move.
But I guess given the increasing sophistication, right? I guess what about the cryptocurrency exchanges and related companies that can actually bolster their defenses against such threats, right? I mean, if you think about just crypto trading, when I first started off many years ago, say 2015, now every little transaction I made, sending something to a wallet, everything is being monitored. It's actually quite difficult.
to actually have, like for example, any of these groups out there to just go to any exchange now to try to move money to off-ramp because it's extremely difficult to do so. So how would, what else can the exchange do to actually improve their defenses against these groups?
So one of the things that's obviously really taken off is the use of blockchain analytics. And for those of you out there that aren't really familiar with how a blockchain analytics firm integrates with an exchange or a financial institution, essentially the way it works is that the blockchain analytics firm's goal and responsibility is to map transactions.
the crypto ecosystem. So that includes mapping the wallets that are being utilized to launder the proceeds from this $1.5 billion hack. We're mapping those in real time. So the second money moves, we're tagging it and saying, this is Bybit stolen funds. And then any customer of ours who utilizes our product
If they were to receive those funds from that wallet, they would immediately get an alert notification holding those funds and then be able to freeze and disrupt them. I think the thing that's challenging that has obviously with a lot of increased compliance control frameworks and a lot of additional regulation, but something that every exchange, every financial institution will continue working on is that KYC aspect of it.
I think what people don't necessarily realize is that somebody isn't signing up for an exchange under the name Lazarus Group laundering person number two, right? Like this is going to be somebody with more than likely falsified documentation operating in a jurisdiction that is permissible for the platform to have them on. Maybe they've done some level of trading before, but certainly not
I think once that person receives laundered money,
Bybit hack funds, you need to understand what other touch points that person has to your exchange. And this is information that's only available to an exchange, but other accounts that belong to that email address or that have signed into that same IP address and really utilizing the full tech stack of metadata that's available in the day of internet banking to ensure that you aren't
having these hackers or the people who are facilitating this hacking network sitting at your exchange, lying in wait to receive funds so they can quickly move it on or attempt to cash it out. And so I think that's the area where everyone can always continue to improve. But that being said, I think the industry has come leaps and bounds and it's making it harder. And the bigger the hack and the more money at stake, the harder it is to get those funds off ramped.
So I think I want to talk about the 2025 Crypto Crime Report by Chainalysis. So I think one of the things it highlights is actually the shift where sanctioned states are actually increasingly utilizing things like stablecoins, central bank digital currencies or CBDCs, and also decentralized finance platforms to circumvent enforcement. Can you talk about
elaborate more on how these alternative financial mechanisms are actually being leveraged for say things like sanctions evasion? Yeah, it's a great question. I mean, if you think about the value of stablecoins for a nation or an actor or group that's subject to sanctions, like when you're subject to sanctions,
That means that you can't utilize the U.S. dollar in the traditional banking ecosystem because of the stability and the consistency of use and the global usage of the U.S. dollar. It is still the primary currency that people are looking to trade in. And so with that said, you know, if you can't do it through a traditional financial institution, certainly a stablecoin,
becomes potentially, you know, interesting option, right? It gives you that ability to utilize the US dollar equivalent. And, you know, if you're attempting to launder money, it's a new way.
The crux of the problem, though, for them in reality, though, is that stablecoin issuers have this ability to freeze funds wherever they're located. So you don't even need to wait until funds get to a centralized exchange that will respond to a law enforcement inquiry or subpoena. You can at any given point in time, if you know funds sitting in a wallet,
belong to a sanctioned person, these stablecoin issuers have the ability to seize and disrupt. We actually just saw this in a really massive effort just last week in the takedown of Garantex, which is Russia's largest sanctioned cryptocurrency exchange. It had facilitated tens of billions of dollars, much of which involved everything from
facilitating the laundering of ransomware, facilitating sanctions evasion. There were plenty of money launderers who laundered money for oligarchs in Russia who utilized Garantex. And with one fell swoop,
I think the number is 28 million, but somewhere in that range, $26 million was completely seized in USDT by Tether. And then on top of it, law enforcement was able to take down their website. So it was really a one-two punch in knocking them out. But that being said, for a sanctioned entity, for a jurisdiction that has a lot of trouble accessing the global banking system because of the fact...
In the case of Russia specifically, nearly every Russian bank has been sanctioned by the US. And all of those banks are also subject to secondary sanctions, which I can get into a little bit later.
But in that, it provides this challenge where the everyday Russian national, whether somebody who's laundering money or ransomware, needs to attempt to utilize something other than U.S. dollars through their banks, looked to move somewhere like Garantex. And Garantex used stable coins. But as a result of the decision to seize those, they now have no more stable coins. Yeah, I think it's a...
Really a wow shock for them, right? So I guess with countries like Russia, say they pass legislation to support, say, international crypto payments, they align with, say, nations like China, India. What challenges does this pose to, say, traditional sanction frameworks and how are authorities actually adapting to these developments? I think we are talking about the secondary
sanctions piece in this question now. Yeah, that was the perfect segue. Yeah, so I think secondary sanctions actually play a really unique role in this. And so I presume the everyday person out there doesn't know what secondary sanctions are. But essentially, what that means is that if an entity is sanctioned,
Doing business with them can cause a fine for your institution or you may be subject to criminal liability. So civil or criminal liability. However, if you are interacting with someone who is subject to secondary sanctions, that means that just by interacting with them, you could actually just get sanctioned yourself, which doesn't apply if you are just interacting with someone who's otherwise sanctioned normally.
So that being said, when you're talking about the application of secondary sanctions, when you're talking about sanctions as a use of carrot or the stick, it is really the stick because ultimately what that does is it says, hey, listen, we're not just going to potentially financially punish you if you go do business with these actors, but you are subject to that sanctions risk. So
Where I'm getting at with this is because all of the mainstream financial institutions in Russia have been subject to secondary sanctions. Jurisdictions like China or India that might have been considering doing business with Russia in, you know,
rupees or in any other currency that isn't the US dollar, certainly are going to have second thoughts about that when secondary sanctions are applicable. And so those secondary sanctions were applied across a lot of different aspects, including Garantex, which was Russia's largest cryptocurrency business. So when you're thinking about the concept of, yeah, okay, Russia has
produced legislation to facilitate the usage of cryptocurrency to conduct international business.
I guess the thing that, you know, I'd be curious to see is how does that actually work in reality with any sort of scale? We've already talked about the cooling aspect that has come from the secondary sanctions. Certainly, China was interested in doing business with Russia before those secondary sanctions got implemented. When they did, there was clear cooling effect.
But then on top of that, you also have the issue with stablecoins, which is like if you want to interact with something similar to the US dollar with your international partners, you run that risk of those funds being seized and disrupted at any given point in time in the transaction process.
So I think, you know, there's certainly an opportunity and it's not to say it doesn't happen. It's not to say it can't happen. But most people don't want to conduct international trade with a volatile asset. You know, if you're selling oil already at a discount and you're getting Bitcoin back and Bitcoin goes down 10% today, like, I don't think people want to be losing that kind of money just because of the volatility of the currency they trade in. So, you know, I think it's still yet to be seen how that actually would play out with any sort of scale in reality.
So I think as things like decentralized finance platforms persist and evolve, I think they are one of the more interesting things that happen in the crypto space. How do authorities and, say, compliance tools actually adapt to close the loopholes exploited by the sanctioned states? Because actually in these cases where traditional banking controls become very, not very effective on there, because now they don't need to bypass the traditional exchanges, they just go to the decentralized exchanges and depending on varying degrees of controls by this decentralized finance exchange. So how would that change in terms of from your perspective?
Another really good question. I think the framework for how regulation sits around things like decentralized protocols and the DeFi ecosystem, Web3 ecosystem more broadly, bridges, whatever it might be, it's still up for debate. We've certainly seen Tornado Cash be a pretty heavy hot button topic across the industry on both sides of the fence. I have personal thoughts. I think in reality, the sentiment that came from the U.S. government around Tornado Cash is like, hey, listen, these mixing services, these decentralized mixing services or DeFi protocols more broadly, I suppose, you know, can exist, but not to the tune of laundering hundreds of millions of dollars on behalf of North Korea.
So I do think it brings up the question of, you know, if things like IP blocking and automated controls for DeFi protocols to block certain types of wallet exposure maybe is the answer. Maybe it's not. We've also seen challenges shortly after the Tornado Cash designation. I'm not sure if you remember, but in protest of that sanctions event, a handful of people sent, you know, Tornado Cash funds to Jimmy Fallon and Snoop Dogg's wallets. And what happens then is their wallets are now tainted with sanctioned entity exposure, which means maybe they're not allowed to use DeFi protocols or they're going to now have trouble cashing out personal funds from their own wallet.
But that's what's happening also in the crypto space, right? There's this thing called dusting attacks. I see it happen quite a lot being a Coinbase wallet owner, right? And then essentially sometimes I'm really wondering what should I do with this little dusting attack that happened? But I think it goes into the exchanges. I think the exchanges will see that if you refuse to declare means, you know it's a dusting attack from that point of view. But how would you, where this kind of thing, forms of doing this kind of illicit activities are becoming more and more, like, it can actually touch the consumers without all of us can become, get involved in the secondary sanction situation at scale.
Yeah, listen, I think most government agencies have some level of understanding that, you know, if you've been dusted by somebody with a few dollars, you're probably not a national security.
That was what they did to Jimmy Fallon and Snoop Dogg.
Yeah, Jimmy Fallon and Snoop Dogg, the national security risks in the United States. No, you heard it here first. No, just kidding. But in reality, I think this is just part of the growth process in the crypto ecosystem and where compliance and regulation will ultimately land. I don't have a crystal ball to tell you, but I think the sentiment exists. What happens in some of these circumstances? I even read today that one protocol that had been used had taken fees from the transfers and there was a request to return those earned fees from private, right? So, I mean, there's this whole world in crypto as far as a financing mechanism that I think, you know, still probably could use a little bit more clarification around what those regulatory boundaries and frameworks are going to look like. What they are, I don't know yet, but I do think that, you know, there is definitely still more to come when it comes to that.
So like in this situation, right, what kind of proactive measures can the crypto industry actually implement to, say, enhance compliance and deter illicit activities? I mean, specifically to evolving tech like DeFi, privacy coins. I think there were some proposals, like for example, Vitalik talks about privacy pools and, you know, people have tried to come out, at least the builders, like at least try to come out with protocols that try to at least address some of these issues that are prevalent in the industry itself.
I think there are a lot of ways that this can go. I think ultimately it's going to be a balancing act on both sides of the industry. It's going to be a little bit of overcompliance, a little bit of understanding. I mean, we've seen a lot of, you know, large exchanges off-board privacy coins like Monero. So they just simply no longer interact in them. You know, some deal with mixers. Some don't. You know, how does, how should an exchange treat funds coming from a mixer? Like maybe zero knowledge proofs kind of help with that and validate that, hey, this person's source of funds on the other side was definitely clean. So they're just chopping it up because they wanted to send their friend a hundred dollars and didn't want their friend to find out that they made a hundred million dollars investing in 2013. Right. So like, I think there's an endless number of routes that this could go where there's more compliance, more regulation, but more freedom and more opportunity to operate with some mutual middle ground.
So what is the one question that you wish more people would ask you about sanctions and crypto industry that they usually don't ask you?
Where am I going on my next vacation? Oh, yeah, yeah. Where am I going on my next vacation now?
No, I probably get that I don't always know the answer to. It's like, what's next, right? I think as much as entities like Lazarus Group and North Korea are going to continue to be creative, I think there's that question of how are they going to go about it and what is going to be the next way in which they do it. And so I think those are the types of things that are constantly on my mind. I know I kind of asked and answered my own question here, but I think, you know, to answer the question of what I do think is next with, say, North Korea is like the ease in which the access to the technology to facilitate the access points is getting to become a lower barrier.
And what I mean by that is that if you wanted a fake passport or a fake national ID card 10 years ago, you had to go on a darknet market and wait for one to come in the mail and then take pictures of it to upload to your banking platform or wherever. But in today's day and age, you know, they're relying on a digital photo and people are so good at doing deepfakes of passports, you know, ID cards, whatever. It costs, you know, a few bucks, 10 bucks, 20 bucks, if you really want to spend up, to get one of these, you know, fake passports that could potentially be passing KYC. And then for a few hundred dollars, you could even set up AI voice and facial recognition software to validate. So, you know, even if an exchange or a platform is asking you to take a 10 second video holding today's newspaper, telling me what today's date is with your passport in your other hand, like somebody can, with a few hundred bucks, make that happen and be Brad Pitt if they want to.
So I think ultimately the access to the level of sophistication will make it hard on the industry to prevent North Korea from facilitating those entry points. And so I think like if I'm thinking about the emerging threats that come to be, it's new technology and how our compliance processes, programs, how our Web3 companies that are hiring a remote employee conduct the relevant level of due diligence to verify the information that they're getting. And so I think the blockchain might be an answer for some of that with some smart contracts validating identity.
But no one implemented it yet.
Not there yet. No national repository of confirming who every citizen is.
I do notice that some of the blockchain companies I talk to most of the time, nowadays they actually would do a lot of background search, even the developers they hire. I think they have a great fear that they could get compromised easily.
And I think this is also changing the way how people talk about the industry today versus 10 years ago, where any pseudonymous or anonymous person can join the protocol as such. So my traditional closing question then, what does success mean then for the crypto industry in fending off these sanctioned hacker groups moving forward?
I think a little bit of it is lesson learned from security breaches and ensuring that you have strong security frameworks in place, that you have due diligence processes around your employees, ensuring that your organization, whether directly or through a third party vendor, isn't going to be susceptible to that security risk. I'd probably say for everyone in the world, just don't click on any email link ever.
Yeah, I actually do that now. I literally do not do that. I literally just go to the website in a separate thing and check there myself rather and even open sometimes in incognito mode.
Exactly. And then on the other side of it, you know, just continuing the building of effective, active compliance programs that are readily available and can, with the snap of a button, with, you know, an immediate call from law enforcement, disrupt a network.
And, you know, the continued efforts from blockchain analytics firms to help, you know, facilitate the seizure, disruption and return of funds. And then, quite frankly, the transparency of the blockchain and the immutability of it in and of itself is a security measure, right? The fact that every transaction is out there, the fact that we're still tracking over 90% of $1.5 billion that's already moved through tens of thousands of wallets. And we're still tracking over 90% of it. And it's not to say that even that other 10% has been cashed out, like I mentioned before, it's fees, it's other funds that have been frozen and some of it that's been cashed out. To have that opportunity and ability, I think, the industry is only getting smarter and better with this. And it makes incidents like this harder to execute in reality, which hopefully someday deters the even interest in trying to do it to begin with.
Yeah, I'm looking forward to the days where cryptocurrency exchanges don't get hacked.
So, Andrew, many thanks for coming on the show. And thank you for really educating me on some of the, I think, very nuanced aspects of sanctions and things, you know, that I don't think normal people actually thought about when these things actually happen. So in closing, two quick questions. First, any recommendations that have inspired you recently?
Oh, man, I think recommendation of topic of the day is to go read The Lazarus Heist by Geoff White. If you want to know how cryptocurrency and other traditional banks have been exploited by North Korea over the years, that also reads a little bit like an action thriller, I'd say go read that. So a little bit of a plug over to Geoff for that, I think is top of mind recommendation here today.
How did my audience find you?
Just on LinkedIn. So Andrew, you can look me up by name. I'm not a crypto Twitter guy myself.
But you monitor crypto Twitter, guys.
Exactly. Yeah.
Many thanks for coming on the show. And of course, all of you can subscribe to us on YouTube and Spotify. We are now on video and across all podcast platforms. So of course, drop us a note if there's anything. So Andrew, many thanks for coming on the show. And I look forward to speaking to you again.
Thanks for having me, Bernard. I really appreciate it.