North Korea has professionalized cyber crime as its primary economic activity due to the absence of a legitimate economy, stealing approximately $6 billion in crypto assets over five years through sophisticated state-sponsored hacking operations like the Lazarus Group. These attacks have evolved from targeting technology to employing social engineering at scale, where North Korean proxies infiltrate DeFi protocols by meeting developers at conferences over months to gain access to private keys and transaction validation capabilities. The stolen funds are laundered through a complex pipeline involving privacy tools like Tornado Cash, cross-chain bridges like ThorChain, and Chinese money laundering networks, ultimately being converted to stablecoins and fiat for weapons proliferation and regime maintenance. This represents a cat-and-mouse game where bad actors leverage new technology faster than law enforcement can respond, requiring coordinated defensive measures like the Beacon Network and offensive cyber strategies to counter these threats.
Why North Korea Is Winning Crypto Crime | Ari Redbord
And I've kind of rejected this idea that these are North Korea state sponsored, right? I would never use that term in our writing or when we talked about these things. These are state actors, hard stop. When I talk about the enemies of the United States and our allies, I think about China and Russia and Iran.
And I put North Korea in there as well, which is crazy, right? This is a country with absolutely no economy whatsoever.
and yet they're competing on the global stage because they've professionalized cyber crime essentially. Um there is absolutely no economy. So it's always been how do we steal and then ultimately launder funds and crypto is just the latest iteration of that.
Welcome to Bankless where today we explore why North Korea is winning crypto crime and how we fight back. This is Ryan Sean Adams. I'm here with David Hoffman and we are here to help you become more bankless. Big topic today.
It seems to be that every single day there is a hack in DeFi. At least there was almost one every single day for the month of April. Uh and this is all North Korea and the Lazarus group. But over in the world of Operation Economic Fury, we also have the IRGC uh getting their assets frozen on Tron. And just a few months ago, there was $15 billion in Bitcoin seized out of a pig butchering scam out of uh Cambodia. So, there's just a lot to talk about when it comes to crypto crime and what all the worst people in the world and how they're using crypto and what we're doing to fight back against them. So, this is the subject today for Ari Redbord from TRM Labs. Let's go ahead and get right into that conversation with Ari.
>> Bankless Nation, excited to introduce you to Ari Redbord. He is the global head of policy at TRM Labs. This is a blockchain analytics firm. It's used by governments, major exchanges. Their goal is really to trace illicit crypto. He's an expert in all of these things. He's had 11 years prosecuting national security money laundering cases at the DOJ. He's been a senior adviser at the Treasury. He's probably the single most authoritative voice that we found in the world on illicit finance and crypto. So, we are here to learn a few things.
Ari, welcome to Bankless.
>> Hey Ryan, thank you so much for having me. Really really looking forward to the conversation and and honored to be on the show.
>> I almost don't know where to start. So in April it was um the the highest ever purported DeFi cases of of hacks. Let's actually start with the Drift hack.
Okay, so to give some context to listeners, on April 1st, North Korea drained $285 million from a protocol.
This is a perp protocol called Drift.
They did this in 12 minutes. Uh last week your team published a report saying these two accounts, there's a Drift report account and then the Kelp DAO one that we saw two weeks ago accounted for 76% of all the 2026 hack value so far. And what was eerie about the Drift hack to me as I was reading about this was it seemed like North Korea, who we'll talk about more, uh their groups, their hacking groups are hunting and stalking high-value targets. So again, 76% of the value from two heart targets. They were hunting the Drift protocol for months. Can we talk about the means that they went through in order to pick out the Drift protocol? Like it seems like North Korea is hunting and assassinating almost individual high value targets in a very methodical, sophisticated way.
Tell us about this case. Yeah, it's it's it's really extraordinary and I think it is a watershed here. Although I think it's important to go back a little bit.
I mean, North Korea has a centralized has essentially professionalized uh crypto hacking and and and cyber crime. You know, uh when I was a prosecutor for years with with DOJ, we'd look at North Korea cases involving counterfeit $100 bills and uh counterfeit cigarettes. They hacked Sony Pictures and tried to steal a billion dollars from the Bank of Bangladesh. So this is this is something that has been going on for a really long time. I think what North Korea has realized say over the last five, six, seven years is that, you know, they could hack Sony or or some type of business and steal PII, essentially usernames and passwords, but in the age of crypto, this is bank robbery at the speed of the internet, right? So, what they've now done over the last five or 6 years is stolen essentially averaging about a billion dollars a year. So, we're talking 6, 7 billion to use for weapons proliferation and destabilizing activity. So when you talk about uh the targeting um it's moved from sort of targeting the technology to really social engineering at scale and that's what you saw in the Drift case where they're meeting developers at conferences right using um using other uh people that they sort of bring in to to play that role. um they're getting access to private keys uh to to to those who have uh the ability to validate transactions on these on these exchanges. So what what we've really moved from is sort of just going after the technology to going after the people and it's really social engineering at scale.
That's what that's what's so unnerving about this case actually is because many of the people listening many people in crypto they go to conferences they think they know you know people in the crypto space in real life and you wrote this this was a line from CoinDesk North Korean proxy sitting across a table from protocol employees over a period of months we're talking about the drift t that is to my knowledge unprecedented so they met some of the Drift team members at conferences
>> apparently look like right right after this I was at Paris blockchain week right standing around sort of, you know, chatting with people. You you it it's it's you get paranoid. Um but that's that's apparently really what was happening here. They sent proxies to these conferences to meet individuals who were building these protocols. I think the the the other sort of scary piece to this is if this happened to Drift, this obviously was happening to many many more teams of developers out there who are building in DeFi. And I'm I'm very concerned that this is sort of the tip of the iceberg. Uh and we really need to take action. So, okay. So, they met the I I just can't get over meeting them in person because I always think of kind of North Korea Lazarus Group as just their their offshore. They're the the actual shadowy super coders out there. They don't manifest in real life.
But you're saying they were hiring proxies, uh I guess paid actors, uh individuals who, you know, didn't um it didn't seem like they were from North Korea. maybe maybe same seemed westernized in in in some ways essentially.
>> Yeah, I was going to say essentially essentially it had to be right. I mean this this was something to be honest when I read uh and I think it was a report that Drift themselves put out uh that described actually their investigation and that was that was the chilling part for me too, right? Because there's this whole idea that like you basically have folks sitting in, you know, in uh military type offices within North Korea who are dealing with this.
Maybe some in China, you know, but but that's about it. And here what you had was clearly proxies, right? No one's going to engage with with someone from North Korea uh directly. So there's obviously proxies being used here.
There's a couple examples of this over the years. uh we saw an arrest of a uh US person for facilitating um the IT workers that were ultimately infiltrating a number of different crypto and and tech projects who were US persons that were kind of supporting this effort. So there are examples of this, but to me this was was pretty extraordinary and really chilling that North Korea could get Westerners essentially to do their bidding. Can you talk about how the social engineering actually led to one of the largest hacks I think the largest hack on Solana in the Drift case? So what were the further details there in in that story?
>> Ultimately what they were able to do was gain access to the protocol itself and um that's where you took that social engineering piece to then have to have that really sort of technical attack. Um on March 27th uh Drift migrated uh its security council to a new uh two out of five threshold configuration which meaning meant you only needed access to two of the five validators on that platform and North Korea was able to get access and breach there. And what was also so extraordinary is this was programmatic on April 1st. Uh these pre there were pre-signed transactions were deployed with resulted which resulted in 31 withdrawals in 12 minutes and then those funds start moving.
So, this turned into a hack of uh $285 million, I believe. And and this was a drain that that lasted just for for 12 minutes and then it was kind of over. Um a pretty incredible hack and I suppose a a big win maybe for the hackers. I I'm I'm curious to learn a bit more about them. So often times we hear about it's just like North Korea. Sometimes we hear about a subgroup called Lazarus. I've also heard about um TraderTraitor, Bureau 121. Like all of these different subgroups.
And when I've heard people talk about this previously, it almost seems like there are these like decentralized groups within the North Korean government that maybe operate somewhat autonomously but sometimes in a coordinated way. Can you give us a lay of the land for all of these various groups in North Korea? How they're incented, how they're structured, like what do we know about them?
>> Absolutely. And it's interesting. I think my own views of this have evolved over time, particularly recently. Um, you know, going back even a few years, I've just always thought to myself, this is North Korea and I've kind of rejected this idea that these are North Korea state sponsored, right? I would never use that term in our writing or the way we talked about these things. These are state actors, hard stop, right? This is the North Korea government who's realized that, you know, I I stepping back for a moment, right? When I talk about the enemies of the United States and our allies, I think about China and Russia and Iran. And I put North Korea in there as well, which is crazy, right?
This is a country with absolutely no economy whatsoever. And yet they're competing on the global stage because they've professionalized cyber crime essentially. Um there is absolutely no economy. So, it's always been how do we steal and then ultimately launder funds and crypto is just the latest iteration of that. So, what they've done is they've built a cyber army essentially and it it has different names and you're right that it's becoming more and more decentralized where these groups are acting on their own. They have certain signatures of the way they ultimately launder funds, the way they steal funds.
But I think that the easiest way to understand this is this is just North Korea. Um, you know, I people ask me all the time, how have they done this? Um, there's an amazing podcast called Lazarus Heist on the BBC, which walks through two seasons of how essentially they've built this capacity. Um, but essentially what it is is like they raise kids from a really young age to be hackers, to be cyber warriors. You know, think Russian gymnast right in the 1980s. They take you if you show um the the abilities in STEM and they you have access to the internet which most um North Koreans don't have. Maybe they'll send you to China to compete or for education and they are building this essentially army of cyber warriors that now are attacking crypto exchanges, right? Uh you know a couple years ago they were involved in other types of activity and um and it's it's really it's really crazy. And I think the the the most troubling part is unlike the hacks that occur from time to time, right, in sort of more of the private way, you know, the the money stealing that we see in crypto, the scams, this is to fund weapons proliferation, right?
This is to destabilize the Korean peninsula. So, um this is this is this is North Korea. This is not a situation where you have China or Russia where there are maybe groups where the uh the government uh turns the turns the other way. This is the actually the government. This is the army.
>> How much of this behavior out of North Korea just comes from the fact that they just like don't economically they don't really have any other options? Like if you ask me what North Korea's biggest exports are, I have no clue. I have no clue how North Korea makes money except for the fact that they steal hundreds of millions of dollars all the time from the crypto industry. And so like may this is just like born out of necessity from North Korea. They just didn't have any other options. And so they learned that like there's money on the internet that they can go steal. How much of this just came out of the fact that like this is just what they need to do to survive?
>> That's so much what it all has come out of. But what's interesting is you just watch the sort of progress of this. Um and I mentioned, you know, in in we we've looked back at North Korea. You know, people ask me all the time, hey, how did you get into crypto? Right? And I wish I had the better origin story where I like, you know, bought in 2011 or or or whatever. You know, I would be driving around in my Lambo like everybody else. Um, but for me it was actually North Korea. I was a national security pro prosecutor at the US attorney's office in DC and we started to look at money laundering cases involving North Korea and we started to see Bitcoin in those cases and uh this was way before these sort of really you know attacks at scale certainly before DeFi and I said to myself wow this is really cool technology where you can move funds cross-border at the speed of the internet. um and tried to sort of understand like wait wow how could we use this for good but also at the same time realizing this is really a technology we need to keep out of the hands of bad actors. So North Korea has really been early here. Um but you're absolutely right it's it's born out of necessity.
>> Just going back and just labeling some quick uh hacks $1.5 billion in February 2025 from Bybit the $300 million recently from from Kelp DAO. I think that's down to $200 million. There's the Ronin bridge I think that was also North Korea. substantial numbers, multi-billion dollar. I don't know. I don't know if you have off the top, but they had like a total amount of some
>> 6 billion is what you said, right?
>> Yeah. 6 billion.
>> We just put out a report, I think last week, that said 6 billion um over the last, you know, 5 years, something around that.
>> What and how do they do with their money? How what happens next with $6 billion in crypto assets held by North Korea? Like what how do they turn that into something productive? So, so that that becomes the challenge and for for TRM at least the most interesting piece of the puzzle what we're focused on, right? So, the attack happens and we can get into maybe how we can stop those at some level, but then the laundering begins and North Korea launders differently than certain actors. They want to move the funds as fast as they can. They're going to use services, mixers, and other types of services to obfuscate the transactions, but they're actually less worried, well, they're not worried at all about getting caught. what they were worried about is getting those funds offramped as fast as they can in order to use them. Um, you know, and it's hard to say what exactly the ring used for, but everything in North Korea is being used for weapons research, for missiles, um, who knows, for crown royal, for the regime where no, you know, uh, it's it's it is it is being used to prop up a a rogue regime, um, essentially. Uh, but that is really the sort of the interesting laundering piece. North Korea needs to move the funds as fast as they can to get them to offramps to use them and and they're going to lose some of that. Um we see that in the Bybit case, we see that in the Ronin Bridge case. Um but they'll get enough off where this certainly becomes very very valuable.
>> Was there like a before after moment in the just power and capabilities of North Korea after crypto? So like once they started hacking hundreds of millions of dollars, I would imagine as we kind of discussed the this prowess, this capacity for for you know hacking the internet and stealing the funds came out of crypto and came out of necessity because they didn't really have any other economic engine for themselves.
Has North Korea become substantially more powerful and their their their military, their weapons, whatever is more capable because they have all these billions of dollars coming in Florida?
like what can we say about like how crypto has impacted the arc of North Korea?
>> Certainly hard to say, but I don't know that there's been any economy within North Korea over the last, you know, couple of decades that could have done, you know, a billion dollars a year um on on on average uh for for the regime. And I think what we're really concerned about right now in this moment, right, why we're having this conversation is that um you know there this this year now North Korea is the vast majority of hacks and the the drift um hack feels like a playbook and how many of these are are are in line essentially in tow right now in order to try to go after.
So my concern is that there have been a number of really key moments when it comes to North Korea. You mentioned the Ronin bridge. It was a $600 million hack which at the time was absolute game changer and I actually think it got the US government at least very focused on the issue. Um we had a number of meetings with US uh Korean and Japanese um leaders in order to figure out how we can come together as sort of a trilateral to go after these guys. Um that was a huge moment. You mentioned the Bybit hack in February of 2025. That was the largest bank robbery in human history and it wasn't even close. Right.
1.5 billion just walking out the door.
Um, and then I think we're in this moment right now where DeFi is the target. Um, where we're seeing them move slightly differently. The social engineering piece has always been there, but now it's more pronounced. So, I think that now we're seeing um, another one of these moments and we got to stop this.
>> Yeah, that's what's so scary about that drift hack. Keep coming back to that.
It's almost like the idea of you could have sleeper cells out there like infiltrated in in your company. I mean, they waited months to pull this off. It almost had the sophistication of you like you read about Mossad and what they're doing what they did with kind of the you know the pager attack for instance. It's that level of of nation state sophistication and patience like they they set up a fake partnership like a shell company with all of these just like fake investment in the company. They made an investment in the project.
>> Yeah. Just like incredible >> significant investment. I want to say they said it was about a million dollars or something.
>> Yeah. Yeah. Yeah. Okay. So the a few other things I I wanted another way to ask the question David was asking is is like is $6 billion a lot of money for North Korea?
>> $6 billion is a huge amount of money for North Korea. There are many countries in the world where that might not be true.
That is a huge amount of money for North Korea.
>> Okay. Okay. That's that's what I thought. So this is a major funder of their weapons uh program then.
>> So they're not stopping anytime soon.
>> They're not stopping. In fact, I think they're very bullish after this last this this last last month.
>> My god. Very bullish. Yeah. Um, okay.
So, what does national security uh at the US think about this? So, under a less crypto-favorable administration, we used to hear murmurings that, you know, the White House national security wanted to sort of shut DeFi down, shut crypto down partially because of these types of hacks, right? is just like look if you guys can't secure your programs, your your your DeFi and your crypto assets, like this is becoming a national security threat to the US and like we might have to just come in and shut you down. Like I don't think I ever heard that kind of statement. Exactly. But you almost felt that sentiment or those rumors possibly. What What about that is what is what about that is true, I guess. What does national security think about the the state of uh crypto right now? Are they kind of pissed that this is happening?
>> Look, I look the the folks that I've been talking to on this are very much like, well, how do we stop this from happening essentially? And it's not so much, hey, we're going to shut down these services. Um I I think the reality is, and I kind of went through this, right? Like North Korea has attacked every sector. Um you know, they have attacked banks, they have attacked tech companies, um they've stolen PII. We're not going to shut down hospitals because they're victims of ransomware attacks at scale, right? Hospitals are the number one uh target. I think it's like 50% of all targets are hospitals for ransomware attacks. So, I think the question really becomes and the questions we've had with the White House, the Treasury Department, um the National Security Community is how do we stop it? And I at least advocate for sort of two ways to think about that. The first is hardening cyber defenses, which we all know needs to happen. And I think the DeFi community is having a conversation over the last couple weeks in a pretty meaningful way about we might not have standards, but as a community we need to come together and at least come up with best practices, you know, um for protecting these platforms. So I think that's that's a really critical piece.
Cyber security uh should be built in to a protocol. Um but the second is the one I'm more focused on and it's it's like we got to stop blaming the victims here.
Um right, you know, essentially North Korea is attacking these projects at scale. We got to attack North Korea.
Yeah.
>> So, you know, to me, if North Korea steals 285 million from Drift, we need to go steal it back. And what does that what what does that look like? It looks like offensive cyber. Um, and we have the capabilities within the national security community. Um, I I believe we're using some of those. Um, but we need to be doing it in a much more meaningful way. I felt this after the Bybit hack, right? They could steal 1.5 billion from an exchange. Let's go get it back. um let's target the bad actors.
And that's mostly what we're kind of hearing out there. Just like again like backing up for one moment, I I think about this all the time. I think we're in this really interesting moment in human history where the private sector has all of the data, right? Like we have this rich data set of blockchain data, AI, um and the government has all of the authorities. And what we need to do at TRM is we try to ensure that the government has all the data they need, but we also need some of these authorities. The private sector moves very very quickly. Give us the opportunity, give SEAL, uh give uh some of these other uh give ZachXBT, give us some of the authorities to actually go after these bad actors ourselves. Um and I think we could really make a dent in in this issue. Well, I I love how badass that sounds and definitely what I want. My uh reservation is that it feels somewhat asymmetric where uh the Lazarus group is attacking our like DeFi protocols which are complex. They have, you know, attackable surface areas.
There's ways to penetrate them and then once North Korea gets their hands on the crypto assets, what do they do? They just hold it in raw ether or raw Bitcoin. Like how do we how do we attack that? And so it seems somewhat asymmetric. So it while I love the notion, I think I will need further convincing that that's even like a feasible thing to do.
>> I I I love that. Um I think there's probably a ton of ways around this. Um and it's not it's it's not easy and I don't I don't want to make it seem easy.
Um but let me give you an example, right? Um after the um Colonial Pipeline ransomware attack, which is probably the most famous ransomware attack ever, right? I don't know about you guys, but I was having trouble getting gas in DC, you know, for for a couple of days, right? It was it was it was pretty significant. I think it moved the cyber uh crime, cyber attack conversation to a very mainstream conversation. But ultimately what we were able to do is tra track track and trace the ransom payment and law enforcement and national security agencies were actually able to use tools to take them back essentially, you know, and and I I don't have access to those tools. Um but essentially crack private keys. Did they beat them out of someone? Uh did they uh did they actually have access to them through through an a hack on a computer system?
you know, these same bad actors, China and others are attacking our uh computer systems for our government agencies, right? The US Treasury Department recently a victim there. Um, so I think there are things that we can do that aren't necessarily like, hey, we're going to breach a DeFi protocol that North Korea is using in some way, but I do think we could breach their computer systems that are potentially holding at least information that can allow us to do some of that. um this is a little outside of my area of expertise but I really want to empower uh the private sector and the public sector to work together on this.
>> I love that idea. Even the idea of empowering the private sector is like uh what is that you know commission bounty hunters or something like so letters of marque right? So this is what I'm I'm advocating for right in in at the in the during the US revol US revolution and um and uh about a War of 1812 what we would do is we would actually commission privateers to go after pirates on the high seas. Okay? Why? Because because we can move faster cuz you know private individuals with boats can just go get them. also with incentives, you know, hey, you get a you get a 5% cut of that
>> with incentives. So, think cyber letters of marque, you know, pirates today are on blockchains and in cyberspace. Let us with the tools and the training and the expertise go after those guys where they live.
>> Hell yeah. I love that idea actually.
And in fact, maybe uh I I'm I'm most excited about that uh versus all of the other defense um you know, which we need to do defense.
>> It's like it's like basketball, right?
like defense wins championships. I get that. That's how we're going to stop this in the long term,
>> but we got to also play offense here.
>> Did we do some of that? So, actually, I wasn't aware that the Colonial Pipeline um ransomware had kind of a happy ending and some of the funds were recovered.
But I did see a story. I think this was back in uh October of 2015. Dave and I talked about it on a bankless show. This was um FBI DOJ successfully seized 15 billion in Bitcoin from a massive international pig butchering ring.
That was the very famous uh Chen Zhi pig pig butchering ring I believe. And somehow mysteriously assets were recovered.
127,000 Bitcoin was recovered. $15 billion.
That's got to be one of the largest asset seizures by the DOJ and FBI in history. And it's like mysterious as to how they actually recovered those funds.
I I saw blockchain forensic analysts being like, "Huh, this is weird. It's almost like they somehow got their hands on the private keys. I wonder how they did that." Do you know anything about this? Yeah. You know, look, I I I um I talk about this case a lot. I think it's really a great example of of so many of the things that we're calling for. Um, first first and foremost, we we need a whole of government approach, right?
This is scams and fraud are now a national security issue. We're seeing transnational criminal organizations.
You mentioned Chen Zhi and the Prince Group, which is out of Cambodia, was running these massive scam compounds that were stealing billions of dollars from from Americans.
>> When you say massive, you're talking about thousands of employees almost in like call center data center. Thousands of employees, many of whom are human trafficking victims themselves, who are lured to these places. This is the very this is like the worst financial crime scourge that we've seen, certainly in my lifetime, and I've been doing this stuff for a really long time.
>> Um, and and you talk about things we need to use every national security tool, but we really did in the Prince Group case. And when people ask me what we should do, I'm like, actually, we have the playbook, right? DOJ indicted Chen Zhi, who was the ring leader here, who actually operated at the highest levels of the Cambodian government. We did the largest forfeiture action in human history, $15 billion, right, that you mentioned. I mean, unbelievable. But then OFAC also sanctioned uh Prince Group. We saw FinCEN actually take down their primary um money laundering facilitator called Huione and it was really this whole of government interagency approach to go after these bad actors and it's a win. The problem is there's like 10 15 more Prince Groups out there throughout Southeast Asia and the world. But in terms of the the the the taking the 15 billion itself, you know, it's hard to say um how exactly we we we did that. I will say I highly recommend reading the uh the forfeiture action and the indictment in the case.
There's a really interesting paragraph in there that talks about an insider who had access to uh some of these funds and um and Chen Zhi at one point getting very upset with this person um and kind of wondering, you know, how that maybe dovetails into some of how we were ultimately able to to to seize and then forfeit um these funds. But I think there's a lot of uh a lot of nuance there, a lot going on. But um I I I think it's a playbook for how we can go after these scam compounds.
>> I love that. And you know, part part of that is is something that only a another nation state can actually do is to actually just I I don't know. I I saw pictures of the guy what what's his name again?
>> Chen, Chen Zhi.
>> Chen Zhi being arrested. I mean, you got the sense that there was cooperation with the government. The special forces kind of like came in and just like picked this guy up and brought him to justice. Well, what's interesting about that case, so just to be just to be clear, so he was not arrested. So So he was indicted. I'll tell you what you saw. He was indicted by the US.
>> I saw like a bag over his head and it was like, was it China actually arresting him? Okay.
>> So he was and we can talk about this a little bit. So he was indicted by the US
>> and then ultimately China swooped in in and brought him to China.
And I think this is kind of the China narrative in my mind and that is um if you read the indictment, you read the forfeiture order, um you h there's reference throughout to Chinese national security agencies in there um and how they were connected to Cambodian government, how they were connected to the Prince Group. And I think the reality is that for China's taste, Chen Zhi just flew cl flew too close to the sun. Um, you know, it's one thing it's one thing to operate this way likely sending funds back to China, but you can't get caught and you definitely cannot get you definitely cannot get indicted and brought back to the US. So before we
>> parts of China were complicit here and so
>> very likely or at a minimum certainly looking the other way
>> too or too close or just something that's a bad look for China.
So they grabbed him so we couldn't was essentially how I that's my interpretation of what happened.
>> Um and since this is bankless, we can you know we'll take it a little further than than I might uh than I might normally. But I think that um I I think that is essentially what what happened there in terms of the arrest. But I I do want to point one thing out that's important. We are seeing a shift and I think it's a really good shift. We um TRM held our public sector summit last week where I got out in front of about 250 mostly US federal law enforcement and national security agencies and we actually talked about this point and there's we're finally seeing a shift to the way we go about our business. It's always been from a from a from a law enforcement perspective. You've got to arrest someone, right? Handcuffs on people, prosecutions, um you know, potentially going to jail.
I think we've seen a shift to asset seizure and forfeiture, which to me is really important because you're not going to get your hands on the Drift Protocol hackers. They're in North Korea. They're in China. It's never happening. You're not going to get your hands on Russian cyber criminal groups that are doing ransomware attacks in darknet markets. You're not going to get your hands on, you know, Cambodians running scam compounds likely because they're in countries that are just not going to extradite to the United States.
But what you can do is you can take the money and that has a huge impact, right?
I mean, ask any drug dealer on the street who had their Escalade taken.
They're probably more concerned with that than doing the time in jail. And I think that's a really powerful tool.
>> You can take the money. That's right. I do think that's a powerful tool. That's that's part of the offense that you were talking about. Um, but can we talk about the victims here? Because it's always been unclear to me where that $15 billion goes, right? Does the US government just seize it and take it and hey, now it's part of the strategic Bitcoin reserve like you're welcome everybody. The reality is that 15 billion dollars was taken from hundreds of thousands of individuals, US citizens, other citizens of the world through these like intricate pig butchering uh campaigns. For those not familiar with that, it's like I think it's the idea that you sort of you fatten up the the victim by um treating them nicely, socially engineering them, catfishing them, pretending to be an interested party, business relationship, girlfriend, something like this. And then you sort of milk them for their funds, right? Socially engineered. So people are losing their their money. And it's hard to kind of trace that back to individual victims. I'm wondering in these types of cases with the the seized assets, do victims ever get some of that remuneration, some of their money back, or is it just too impossible to to handle something at that scale? It's the most important question and I'm so glad you're asking it. Like when I think about these cases, and I've testified really recently once about a week or so ago before the House Homeland Security Committee on just this on how transnational criminal networks are stealing billions of dollars from Americans. And then prior to that actually I testified before the New York State Senate on how New Yorkers specifically were being attacked and I said the same thing essentially is like we need to build a victim compensation fund.
>> We need to have a way where we can do this and do it at scale. I think the biggest challenge right now is how do you associate even with blockchain tracing, how do you associate a specific individual victim with a specific compound, right? Hey, we took down KK Park so we know that you're this is part of your funds or we took down Prince Group so we know these are part of your funds. So what I advocate for and and one of the recommendations I made in that testimony I would encourage folks to read it. It's on our site. It's like a very detailed uh perspective to include letters of marque to include other types of legislation that I think could be helpful. But I think we we need a victim restoration fund and it's contemplated by the executive order that came out recently on scams. Um the Trump administration put out an executive order on cyber-enabled scams and one of the recommendations or one of the they call for a victim restit restitution fund. So people ask me how does this work? Um because you're absolutely right Ryan like this is tough. Um it it's it's funny enough when I um when I was a baby lawyer it was after my first year of law school so this was like 30 years ago.
Um, I couldn't get a job anywhere in the Justice Department, but I really wanted to work there. And I finally found this really um really random office uh called the uh Office of Vaccine um restoration.
And essentially what it was was like there was a public good of not allowing people to sue vaccine companies in tort, right? So if you're hurt from a vaccine, we don't want you to be able to sue the company and put them out of business because we need vaccines, right? So instead, uh, for every vaccine that's sold, I think 76 cents went to this, uh, went to this fund. Okay? And ultimately, a victim, you know, a child with an encephalopathy, some type of other damages, would petition the Department of Justice that ran the fund, and ultimately lawyers there would decide whether this claim was valid and pay out the fund. I see a victim restoration fund like that um, as the future for for for this. Um it it it's for everybody.
Any victim, US person who's a victim of a scam can submit to this fund and try to get restitution there. So I I that that I think is the vision. Um I I love that the executive order talks about it because I think that that makes it very real. I think we'll get some legislation from Congress on this. Um and I think we'll start to move, but it's so important and I don't know that well it is not happening fast enough now. Can we take a step back and um just paint for the listener and myself uh what it actually looks like to work with law enforcement? So, TRM Labs, just to kind of like speedrun, correct me whatever I get wrong, but just to speedrun like what you guys do. You guys just taken all of the blockchain data. You guys have mapped out who are the illicit actors with some degree of certainty.
You guys do like risk scoring. So, like these addresses are likely North Korea.
These addresses are likely some sanctioned actor. you give that data out to exchanges so they can know what's up, but then also you guys work with like law enforcement and the FBI. Can you just like paint a picture of what look working with law enforcement uh looks like?
>> Absolutely. Um let me just back you up for one second cuz the there there's one part of that you you nailed it. Um but it's so interesting. Um how do we do that attributing addresses? We have a team of threat hunters. Um we have someone who focuses full-time on ransomware. She's a former FBI analyst.
We have someone who focuses full-time on Iran. I would say he's the foremost expert on Iran and the use of crypto today. Um, we have a guy named Nick Carlson who former FBI analyst I worked with when I was a prosecutor who is the foremost expert in my mind in the world in North Korea and money laundering. And what they're doing is they're out there attributing illicit crypto addresses.
So, for example, we have someone who focuses full-time on terror financing.
He is actually communicating on password-protected Telegram channels and Rocket.Chat with mujahideen with ISIS fighters trying to get them to send him crypto addresses so we can attribute them in our tool terror financing.
>> We then provide that data to basically three main buckets to law enforcement and I'll kind of get into your question in a moment. Um who use it in that sort of like to me like the sexy use case, right? The tracking, the tracing, the building, the investigations, the going after bad guys. Uh to regulators who use it to make licensing determinations, right? Um places like the Monetary Authority of Singapore or um or you know or New York Department of Financial Services. Um we then um also provide that information to compliance teams at large financial institutions or crypto businesses. Um so that's that's kind of the secret sauce in terms of working with law enforcement. It's a couple ways. First, we're providing them the software. So first and foremost, we're a software company. So, we're selling that data with a cool UI that allows for the tracking and tracing on top of it. Um, but we also have a really cool global investigations team that's sourced from some of the finest crypto investigators, you know, of all time. I think a lot of people know Chris Janczewski. Uh, he and I were in a very cool Netflix documentary together called The Biggest Heist Ever.
Um, he was the protagonist in Andy Greenberg's book, Tracers in the Dark.
Uh Chris is our head of global investigations and he has a team of former global law enforcement from Met Police and Korean National Police who are working side by side with our law enforcement partners to track and trace illicit proceeds and help them build investigations.
>> This question is a little bit squishy, but um how dominant is crypto and therefore like TRM Labs and you know maybe also Chainalysis, a company that's very similar to yours. How dominant is that when it comes to just international transnational financial crime? So like maybe one scenario is like there is transnational financial crime and I don't know what it looks like for it to not be in crypto but like maybe maybe that is like some amount of the cases or is it like oh if there's transnational financial crime it's probably some component at the very least is in crypto and so you guys are always involved or very frequently involved in some of the highest level cases like just how big is this world?
>> Yeah, it's a it's it's a great question.
It's funny. usually start with this, but I think Ryan just got into drift so fast, we were just rocking and rolling.
But, uh, you know, we put out a crypto crime report a couple months ago. It basically said we saw 158 billion in crypto crime in 2025. That is a a record-setting year. Okay? And that's always the headline, right? 158 billion record year in crypto crime. That only makes up about 1.3% of all activity within the crypto ecosystem. So, we're still talking about 98 99% of activity within crypto is lawful. To give you a sense of that, it's much harder to tell this in in fiat. Um, but normal numbers are somewhere between 3 and 6% is kind of what you see out there. But, right, um, so so there's that piece of just like the pure data piece.
>> The other piece is look, when I was a prosecutor, I wasn't investigating crypto cases. It just wasn't what was happening at the time. I was investigating cases involving networks of shell companies and hawalas and bulk cash smuggling and high-value art and real estate. Right. Uh uh ISIS ISIS was stealing antiquities in Syria and elsewhere. Right.
>> We might call that trad money laundering.
>> Yes. Yeah. Like I just call it money laundering. I just call it money laundering. And um and and I'll tell you there's no TRM to track and trace those things. And I think that
>> there's no tragedy at TRM.
>> What what uh what we now are able to do here because every transaction is logged and immutable and traceable and trackable on a public ledger. I'm sure you've you've discussed this before over the years. Uh we can do this much better in my mind. So, so when there is a big, you know, transnational crime case and it does touch crypto, are is like organizations like the CIA or the FBI, are they like stoked just like, "Oh, yes. This one has a crypto footprint.
That means we have extra tools to go get these guys that we otherwise wouldn't had it been trad crime." I
>> I I think they absolutely are with with this sort of caveat, right? Um we don't live in a world um yet and who knows if we will where where all activity occurs on chain. Um every case is a mix of on and on on and offchain activity. And what we are really good at at TRM is enabling law enforcement and others to see every transaction that occurs on chain. Where we lose visibility is where funds move offchain through networks of OTC brokers in China through you know hawalas you know crypto like hawalas um whe when it when it's trans when it's when you can move it to cash um and I think one thing I've always really tried to to to explain is that like these tools are not a silver bullet they're one tool in a toolbox that a great investigator has right so if funds are moving through an exchange what law enforcement does is serves a subpoena on that cryptocurrency exchange to get that underlying user information. And once they have it, then they reach out to Google for their Gmail. They reach out to, you know, their cell phone provider.
Maybe they're able to actually figure out their location by triangulating cell tower data, right? They're using all the tools that law enforcement has used um used for a really long time. I mean, one example of this, and it it it hasn't played out sadly, but I got asked a lot when there was a Bitcoin ransom demand in the Nancy Guthrie letter about how essentially this would work. Um, right, the most mainstream case that we've seen probably in a decade in terms of people really wanting to understand how this worked. And what I would explain was like, yes, there's a Bitcoin demand. Yes, if funds move, we can track and trace them, but law enforcement is going to need to use their entire toolbox.
Um, you know, because so far these funds aren't moving and there's got to be other means in order to investigate this case.
>> But, by the way, I'm just curious, the did the Nancy Guthrie case get resolved?
That that was kind of in my feed and it was big news and then I never followed that through to resolutions. Yeah, I think sadly it hasn't at all been resolved and um my sense is that that
>> folks don't know uh where she is or what's what's going on with the case.
>> Wow. Uh chilling. Um c can we go back to what you were talking about with respect to onchain money laundering and how this process this flow works. So North Korea has hacked and stolen $6 billion. We've seen a few cases in in April, the Drift case, the Kelp case, some other details we'll get into. What do they do after they acquire the cryptocurrency? So, just like one thing that we often see is they will move to the highest security, most decentralized chain possible, it seems like. So, if they're on, you know, something like Tron, they might move to Ethereum.
uh and then later possibly even to Bitcoin. So that seems to be something that happens at least that that I've seen. They also seem to use some of the onchain privacy type tools. So Tornado Cash is often cited. So if they have Ether on Ethereum, then they'll try to move some of that through Tornado Cash.
Um, oftentimes it also seems like they then move some funds to Bitcoin and they use something called Thor Chain in order to to move across kind of that bridge.
Um, can you just talk and then and then I I'm not sure what happens after that.
Is it just like tainted Bitcoin somewhere or or is it, you know, cleaned ether if it's on the other side of tornado cash? Like what happens? and how do they get that into the kind of the real economy in order to purchase uh weapons and and nuclear capabilities and that sort of thing. Can you take us through that flow?
>> Absolutely. I mean Ryan, you nailed it on the laundering piece. Um for sure and that's exactly what is going on today.
Um thinking of it like slightly broadly here, North Korea is trying to move funds as fast as they can and they have a different playbook. You mentioned the Thor chain is is a service that's being used quite frequently right now. And um I think part of this is with with Bitcoin being, you know, completely decent. Bitcoin Bitcoin comes with benefits and and and issues when it comes to laundering funds, right? Um it's historically volatile and bad actors want to move their funds into more stable assets just like the rest of us uh to use them. But at the same time, stablecoin issuers like Tether, like Circle have unique capabilities when it comes to essentially what I refer to as burning and reissuing their native token, what some people call freezing or or blocking. Um, essentially, you know, Tether is able to uh essentially freeze um burn, which means take the token out of your wallet and move it into an inaccessible wallet and then ultimately reissue to the government or to a victim or something like that. It would be insane for North Korea to keep those funds in USDT.
>> That's exactly right. So, but what's interesting is for years that's the narrative, right? Like, hey, all bad actors are using USDT. Um, it's certainly still happening because of of I think for two main reasons, liquidity and the and the stability issue, right?
Bad guys want to move their funds, but they need to offer those funds to to to more usable currencies quickly to so that so they're not getting blocked. And we're seeing Tether really act at scale um more and more now on these on these types of cases. So we are seeing you know look at the Bybit hack is a great example. Um I think that that changed a lot for us in terms of how we were watching laundering. Essentially um North Korea stole 1.5 billion in Ethereum and within the first 72 hours converted almost all of that to Bitcoin and then started using the services that North Korea typically uses. One thing that's really important to note is oftentimes North Korea, the pig butchering networks that um David was talking about earlier, um cartels are actually transferring their funds at one point at some point to professional money launderers and that is how they're ultimately offramping those funds. They're using networks of you know casinos of OTC brokers. They're getting them into the Chinese money laundering networks that have essentially professionalized money laundering prior to crypto and now are getting more and more involved in crypto. If you look, and this is to me like this is the most startling thing.
If you look onchain at cartel activity, North Korea hacks, and these pig butchering networks, you see wallet addresses that are being used in all three of those laundering typologies or or or or uh those threat categories that that that we associate with Chinese money laundering networks, these professional organizations run by the triads and other types of like Chinese organized crime. So often times like North Korea will steal the money but ultimately turn it over um essentially sell the funds to one of these networks.
Okay. So in the Bybit hack as an example 1.5 billion ether was stolen within 72 hours. Most of that was on in Bitcoin on the Bitcoin blockchain by route of what Thor Chain
>> I believe chain was right was in that case. Yes. And and and honestly and we've seen that playbook play out in Kelp as well. In this recent um in this most recent heist
>> and they prefer Bitcoin just because of what versus raw ether because it's it's got more connections into the kind of the the OTC Chinese crime money laundering
>> type of that's one piece of it. Um the other piece North Korea over the years has been used to using some of the services that are on Bitcoin uh to launder funds some some of the more centralized mixing services. Obviously we saw North Korea used Tornado Cash for years. We see that less so today on Ethereum. So we see we see them we see them do a lot of different types of use a lot of different services.
>> But then ultimately this ends up offchain. So they're not keeping the Bitcoin in Bitcoin. They are moving this offchain through you know various various that's right and sometimes it takes days to get some amount offchain. Sometimes it takes weeks, but we've seen it in cases where it takes months or even years where North Korea, right, the to me the one of the ways we can solve the money laundering problem when it comes to North Korea is doing everything we can to create a really strong perimeter, right? Because the challenge for North Korea is always, it's not just North Korea, these pig butchering networks and cartels and others is how do you offramp the funds? And they're looking to the weakest points to do that. I think Russia-based exchanges that do no KYC that do no that have don't use tools like TRM to monitor transactions or don't care. Um we've seen Treasury actually sanction a whole host of these services. Think Chatex and Garantex and Bitzlato and um so so so many others.
Um so we see that we see Chinese-based OTC brokers where um where they're trying to offramp those funds. But to me, the real question becomes, how do we build that perimeter around crypto to stop these bad actors from being able to offramp those funds? Can I give you like a cool example?
>> Yeah, please. Yeah.
>> So, um, after Bybit, uh, just exactly to your question, we saw the laundering, we saw North Korea move faster than ever before. It was clear to us that they had more access to liquidity than ever before. And I think that's a result of these Chinese uh, criminal networks that are laundering the funds. And we basically said, "How can we move as fast as they are?" Because they were moving faster than compliance teams. That's the reality. Um, we we were seeing them move at unprecedented speed. We're seeing them do programmatic money laundering.
So, we reached out to Coinbase and Binance. Uh, to me, the most significant exchanges in the world and said, "How are we going to keep funds on chain? How are we going to stop bad actors from from using these platforms?" And we formed something called the Beacon Network. And the Beacon Network accounts for about 85% of all centralized crypto today. So think Kraken, OKX, HTX, Poloniex, Blockchain.com, Crypto.com, uh Ripple, host of other services. Uh but then we also added fintechs like Stripe and Robinhood and PayPal, DeFi protocols, um Rhofi, 1inch. And what what we're doing is and we married that group with about 70 global law enforcement agencies.
And those law enforcement agencies are flaggers. So when illicit proceeds are moving in real time, they're flagging that address. And an alert, think Lighthouse, think Beacon, goes out to those exchanges. And when they get that Beacon alert, they're required as as part of their membership to block and ultimately work with law enforcement to seize those funds back. So, you know, we're definitely laying out a lot of the issues like the the problems today, but I think that like we could do things differently and better. And, you know, you start to combine that with some of these other ideas, right? The offensive cyber, uh, protect the perimeter, um, you know, use AI in our own workflows to stop bad actors. I think you start to have like a tech-driven response to some of this
>> with
>> with this uh perimeter uh concept that that you bring up. How does Thor Chain fit into that perimeter or or break open that perimeter? What do you think about Thor Chain? Yeah, I think it's a challenge that um I mean part of what works on this network like this is that you have buy-in that um you know no matter what your views are on centralization or your role in the ecosystem that when it comes to really bad actors we need to stop funds from from moving offchain. We need to stop bad actors from using these services. Um I think Thor Chain has clearly taken a different view of all of that. Um that that said, um I think there's probably things that we could all work on together there. You're always going to be as you're only going to be as strong as your weakest link. Um and I think those weak links have always been sort of like for lack of a better like the non-compliant pieces of all of this. Um but I I will say one thing when it comes to that is like there is no one who's been sort of a more no community of people that have been more supportive of Beacon than the DeFi community. Um you know, DeFi Education Fund and others.
You know, I've briefed members of Congress with with those guys talking about how we can do better when it comes to sort of um you know, compliance and anti-money laundering than than we can in the traditional world. Um right, if you're a if you're a DeFi service that's a member of Beacon, we have a whole bunch today. They're not working with law enforcement, right? Like that that's not the nature of how DeFi works. But what they are able to do is block funds that are going to hit that platform and and and the bad actor might go elsewhere. But then what we want to do is we want to follow the money and then onboard that next service where the bad actors go. So um my hope is that like we could get as many people on board here as possible to really build the most solid perimeter. But I think the DeFi community like look I think I think at the end of the day it's like you want to solve problems using the technology not overregulating the space.
>> This is where I I sort of don't have it settled in my own mind. And I'm just curious kind of what you think here, right? So, I don't think anyone listening wants North Korea or bad guys or, you know, theft to happen on chain.
They they want to see the bad guys get prosecuted. And yet often times, I mean, you mentioned like things like Ethereum and Bitcoin being a double-edged sword.
Um, you know, something, if you take something like privacy, that also seems to be a double-edged sword and cut against some of those things that you mentioned, which is being able to track and identify the bad guys. You take something like THORChain and and uh your response seemed to indicate, you know, what you wish was that THORChain would actually participate in kind of the Beacon group and and help stop some of this nefarious activity, right? And that implies maybe that THORChain has some centralization vectors in their protocol in which humans can intervene or inject code or or kind of do that.
And I'm not actually sure if they do or not. That's kind of take that as a another entire podcast that we could uh talk about. I do know that there are some protocols where you absolutely do not have that ability. You know, one of which is is Tornado Cash for instance, which is a privacy protocol on Ethereum.
Right now we have a a developer who's in a a criminal case in the US about this, Roman Storm. We've talked about that often. Then you also have entire networks like, say, the Zcash network, which they sort of exist to be an encrypted version of Bitcoin, and there's this move that like I you know if you are a crypto user um don't you deserve, don't you want some level of privacy on top of your transactions? And and by the way, this is a a safety mechanism for legitimate use cases, too. It keeps out the corporate surveillers. It keeps out the the possibility of, you know, people hacking you or even wrench attacks in real life. I mean, there's some real civil liberties at stake here when it comes to, you know, moving some all of your funds being transparent and available for the whole world to see.
Like, that's not that's not a good steady state either. And so I'm wondering how you feel about some of these, we'll leave THORChain aside, but some of these much more decentralized solutions to just encrypting all of the stuff that you know is onchain in a way that that you can't see it, you can't track. I mean, is this just in your mind giving a gift to the bad guys? Do you see some upside here? Like what would be your take specifically on something like Tornado Cash or Zcash?
>> I you know it's I love the question and honestly I think it's the most important question that we've been grappling with as an industry over the last let's say three or four years. Um it's interesting I think the sanctions against Tornado Cash really got this conversation started in a in a meaningful way years ago. Those convers those sanctions have since been lifted but 20 2021 some somewhere in that that time frame. Um look I mean post-9/11 we had this conversation right on city streets and in airports and I think today we're having it across blockchains. Um, I fundamentally believe that in a open financial system, people are going to need and demand privacy in order to transact. None of this works without privacy. Um, I'm not sure I'd say I'm a privacy maxi, but there are very few people who believe more in being in being able to transact privately than than I do or or we do at TRM. Um, couple months ago, uh, we put out a 70-page white paper on privacy, uh, which I encourage folks to read. It's it's awesome and it really goes into like how to leverage this technology. Um so I'll tell you just really quickly sort of how I think about this. Um first at TRM we don't associate individuals with their alphanumeric address. We we would never say hey that's Ryan's address that's that's David's address.
Uh we associate addresses with really two categories: entities, so lawful entities like Coinbase or Tornado Cash or Uniswap, um and illicit activity, terror financing, sanctions, um uh North Korea. Um in order to get the underlying user information, um that individual would have to transact with some type of centralized service and law enforcement would be able to serve a subpoena, lawful process, in order to get that underlying user information. So that's that's sort of one way I think about this. I don't think we should ever be in a world where we're associating individuals with their alphanumeric crypto addresses. I think it becomes dangerous when people are associating those addresses with uh themselves uh on social media and other places. Um and I think we that's when you talk about wrench attacks that's sometime someplace I preach about being very very careful. On the other piece is I think we need to leverage the technology, right? I I think the challenge for regulators and and and policy makers and and all of us is how do we stop bad actors from using services like Tornado Cash but allowing lawful users to use them for the privacy they need for all the things that you mentioned, right, dissidents, uh you know corporate um surveillance, uh you humanitarian aid. Uh quite frankly, the US government sending funds to um informants in in war zones, right? We we need that level of privacy.
I I think the technology is the solution. Um and I really lean into Beacon. Um Beacon is just about tracking illicit proceeds and blocking them and then allowing for lawful process to play itself out. And when it comes to DeFi, um Beacon's a great example of there there's of how you can maintain privacy, right? That transaction is just blocked if it's illicit. Don't let it hit our platform and then they've got to move to the next place in order to transact. Um, so I think the technology is is a big piece of this. Um, uh, I think the Canton network, uh, chains like it's just it's it's just one example now and I know there's all kinds of interesting conversations around that that's probably been a show or will be another show too. But it's not just Canton. It's like, hey, should we be uh building privacy chains uh that we allow that we build in tools like TRM? Uh should we be doing private transactions on permiss on permissionless open blockchains? Um but that we allow some visibility into from from for for money laundering purpose. So I say all of this to say uh we're thinking a lot about zero knowledge proofs I think could be such an important part of the puzzle. Just give enough information to let a decision be made about whether an actor is good or bad without giving up all of your PII.
So I I think there's a lot like I really lean in hard to the technology and definitely not over over uh overregulating the space. I I do think there are a lot of technical solutions that can get a lot of people what they want, right? Zero knowledge proofs.
There's a riff on something like Tornado Cash. Uh you know people like Ameen Soleimani, I think Privacy Pools, 0xbow I believe is is what it's called.
And what they're doing is uh they use a zk proof to prove that the funds actually aren't sanctioned. Right? So they don't identify an individual user, but they prove any of the funds that go into this pool from, you know, and that's a good compromise, but I still want to push you on this a little bit, which is just like >> let's say you no longer have the ability at all to see any data. No government agents do nothing. Let's say it's a version of Ethereum and privacy maxis actually win on that and everything on Ethereum has the ability to be completely encrypted without any what you know privacy maxis would say government surveillance or backdoors. All right, you lose this ability completely. It's it's just like Bitcoin or Ethereum except everything is encrypted. In fact, Zcash is kind of this model when they move into sort of shielded transactions. What do you think about that? Is that a net good? Is that a net bad? It's an interesting world.
You know, I uh you know, I think when when we first started TRM or start thinking about TRM, I think one thing we knew fundamentally was that um we have more visibility than we're ever going to have. Um, you know, we we used to talk about like how uh it was sort of one of these old western towns where the uh where you you could see completely from one end of the town to the other, right, with and I think the vision is that we're going to have more cities. Um, and I think we're starting to see that play out, although it's still early. And by cities I mean where there's actually infrastructure being built in a meaningful way on chain where you can't see around every corner where it's going to be harder to have that full visibility. Um is that a good thing or a bad thing? I ultimately like am a big believer in the technology and sort of this thing playing itself out. Um, I can't imagine a world where we've built this incredible technology where every transaction is trackable, traceable, and immutable, and we can't add enough privacy for individual users to feel like they're not putting their credit card statement on chain. Um, and yet at the same time, ensuring that governments can stop North Korea, can stop um, terror financing. I I I'll say this. I mean, I I I think that this has been such a cool conversation, by the way.
Um, you know, we and just thinking about the ground we've covered, we started talking about North Korea and attacking the DeFi ecosystem.
I I don't know that any of this works.
Um, I don't know that any user is going to put their funds on a service, you know, uh, staking, investing, you know, their mortgage on chain. If we believe that North Korea can attack this ecosystem at scale and steal billions of dollars, >> agreed. So I think that the there's got to be a compromise. And the compromise might it's not about privacy or security. I fundamentally believe you could have both. But the compromise is like we need to be ensuring that we're using the tools to keep North Korea off these platforms. Both. And it's not just North Korea. It's any criminal element.
But North Korea is is is I think is the biggest threat right now when it comes to DeFi. But so my view is just like from a pure market perspective, people aren't going to engage with an ecosystem where they can lose all their money, you know, at the click of a button. And I think we're going to have to figure out how to sort of balance that. But I don't but but to be really clear, I don't think it's a security versus privacy balance. To me, you could have absolutely both of those things. Um, you know, we've never had a financial system that is anonymous. Um, and I don't I don't believe we should, but we should have a financial system that's pseudonymous. And I think that's why crypto works so well uh in order to sort of like balance that privacy and security piece.
>> One last question on this which is respect to with uh maybe a question with respect to you know um who's responsible for this or where does the liability lie. It's been really interesting to observe the the Tornado Cash Roman Storm case and uh it seems like the prosecutors, DOJ, Southern District of New York, are making the case that um he actually you know was involved with this and partially responsible for money laundering due to North Korea's um actions because he partook in developing this protocol. Then you had last week the uh acting attorney general go to Bitcoin a Bitcoin conference and say code is not a crime. Non-custodial software developers shouldn't have to sleep with with one eye open. And there's a question of like if North Korea uses a protocol like Tornado Cash or if they use DeFi or if they use Ethereum or if they use Bitcoin, are the developers who made these tools responsible in any way when bad guys use their tools? Have you thought about this? I'm not sure. Does your privacy 70-page paper like cover this? And what do you think the government actually thinks about this? Because on the one hand, they're saying things like code is not a crime, but on the other hand, they're also prosecuting Roman Storm.
And so I think the community is somewhat confused as to what the US government's perspective on this is.
>> I think there's a range clearly. Um there's there's really clearly a range. And I've been actually surprised with um Attorney General Blanche's statements and not just this one. When he was um deputy attorney general, he also, he made a similar statement several maybe a couple years ago now. Um and I thought that would have a huge impact on the prosecution.
Um it clearly has not and I think they're going to have to sort of work out where they're really if they're really landing on is this a policy position and to what extent are US attorneys offices going to sort of need to heed it. Um my own personal view um I'm pretty aligned with the attorney general um with with this caveat and that is we need to make sure the developers aren't conspiring with bad actors in order to launder funds. Okay.
Um, so if you're building a decentralized service, non-custodial, uh, for people to use for lawful reasons, then no, you should not be prosecuted if bad actors are using your platform. Okay. Um, but, you know, there there are great examples of this. Um Helix, which was a Bitcoin mixer that was being advertised by a guy named Larry Harmon on AlphaBay saying, "Hey, this is the perfect place to launder all these drug proceeds that you have on this darknet market." No. Like, no, that is over like Kim Jong-un can't be your target either.
>> Yeah. Yeah. Yeah. Yeah. That's exactly right. Uh you know, pe people may disagree with this, but Bitcoin Fog, similar circumstances. Okay. Uh that that that service was actually um uh conspiring on darknet markets with bad actors in order to launder funds. Um this is Tornado Cash is different and and that's what and that that's what's always been such an in why this has been the most interesting question in my mind maybe for you guys too in my entire time in this space um because I think there's a challenge. How do regulators stop North Korea from using a service to launder billions of dollars and yet at the same time allow lawful users the opportunity to do it? I don't think we go after builders um who are literally just building tech or just building or just writing code. But at the same time, you know, uh I I think a strong prosecution in this case there would there could potentially be emails saying, "Hey, we don't care. We're going to keep doing this. We see the funds going through. We want our our service to be a place that is known for this." I haven't seen any of that type of evidence come out. But to me, that's the type of evidence you would need to really mean prosecute a case like this in a meaningful way.
>> Intent, criminal intent.
>> I mean, that's that's, you know, that's that's what our system demands. Um, so if you have criminal intent, I don't care what you're developing, you shouldn't uh you should be potentially prosecuted for money laundering conspiracy. That's different than some of these other money transmitter laws that I think also have folks concerned. But as a just a pure from a pure criminal standpoint, um I I'm most concerned with the money laundering conspiracy piece.
>> We'd be remiss to not talk about some of the the biggest current events that are happening uh at the time of the recording, which is um >> what even even more recent there is a lot going on. I'm sure I'm sure uh you've probably been the most busy that you've ever been with with just like North Korea, the Lazarus Group always being persistently active. But uh with uh Operation Economic Fury out of the White House, I think there's probably also something to talk about with Iran's use of just crypto in illicit ways. Just two weeks ago, $344 million of USDT on Tron was frozen. We we mentioned that. We're I think we're all kind of confused about why they were using Tether on Tron, but maybe that's a different question for a different day.
The one of the big things that happened here was uh OFAC directly named the Iranian central bank, a central bank controlled wallet, on the SDN list. Uh and so like ju just in the same way that like you know no North Korea's Lazarus Group, these aren't like you know proxies. This is North Korea itself. We actually like uh sanctioned an Iranian central bank crypto wallet. So, uh, unprecedented.
Can you talk about what it was just like to be in your shoes during a lot of this activity? I think you guys are on just the front lines here. You guys have a lot of the data. What's Operation Economic Fury like from TRM's perspective?
>> Yeah. No, absolutely. Um, you know, it's interesting. It goes to sort of what Ryan and I were just talking about to some extent in that this is an only in crypto story, right? You're not seizing 344 billion uh 344 million um of fiat from Iran. You may sanction the central bank which has been sanctioned for years. Uh their entire financial sector is sanctioned but actually enforcing those sanctions and getting back funds that's an only in crypto type story. And um you know it's interesting you you mentioned like that we're particularly busy. You know over the last bunch of years you know every geopolitical issue every major geopolitical issue in the world everyone wants to know what is the crypto nexus. So Russia invades Ukraine. It's how is Russia going to use crypto to evade sanctions? Uh Hamas attacked Israel on October 7th. It was how is Hamas funding its operations using crypto? And this is the most recent example. Um but I think there's a fair amount to say and that is a couple years ago you would see IRGC sort of one-off transactions, right? Hey, we we have some funds. We want to send them.
We want to try to offramp them. Um, Israel actually seized about a hundred addresses associated with IRGC a year or or so ago. Um, we've seen a shift and we wrote a piece on uh two UK registered exchanges, Zedcex and Zedxion, um which actually ultimately were sanctioned after we wrote our report by the US Treasury Department. And essentially to me that actually showed a bit of a playbook and that is instead of just one-off transactions, Iran was using crypto infrastructure at scale. They basically were using these two exchanges to launder a billion dollars through through them. So it wasn't just like, hey, we're going to send money. It's we're going to actually essentially use these as shell companies. Um at one point you know I want to say almost 80% of all transactions through these exchanges were IRGC related. So I think we see that and then the central bank of Iran is sort of just the latest example where we see essentially Iran's central bank um you know spinning up crypto addresses and trying to move funds that way in order to circumvent the US financial system. Um there's there's there's a couple other examples like this recently where we're seeing with this with Iran this reporting which I struggle with a little bit around the um Strait of Hormuz, is Iran going to collect tolls in crypto >> I haven't seen any really significant evidence of that and we've been looking everywhere we possibly can on chain. Um but the fact that Iran is trying to experiment with that just shows that like they're trying to do anything they possibly can. Um there was a report um there was a po report today in the Wall Street Journal about the financial facilitator, a guy named Zanjani, that we actually name in our Zedcex report, who actually was released from a death sentence I think in prison 10 years ago or something in Iran because he's so good at money laundering and he has essentially discovered crypto.
So, he was the one behind Zedcex, uh, possibly behind these, um, central bank transactions, uh, and he's the go-to money launderer for for IRGC. So, I say all that to say that I think like, you know, we started with Iran, I'm sorry, we started with North Korea. Um, we could go just as deep on Russia, to be honest, and now with Iran, we're seeing nation state actors really think through how to build crypto infrastructure, not just like, hey, we're going to send some funds to to this wallet address that we spun up.
The tension that I feel might might be there is that crypto offers the good guys, you know, you guys, the State Department, the FBI, a lot of capabilities and information and and power to get some funds back. You know, as you've been underscoring this entire podcast, like only in crypto do we actually recover funds so directly uh from any of these state actors that stole it from from, you know, innocent people. And I remember one of the reasons why the whole CZ Binance versus Department of Justice story was such a big story was because uh CZ was looking uh a blind eye, I think, towards IRGC and Iranian money laundering through Binance. Well, now now Binance has been brought to heel. You know, now Binance is kind of like inside the fold of the people who are providing data to the good guys, to the government. And so crypto seems to be like as you've been saying establishing a pretty strong perimeter around these state actors. But nonetheless, the state actors continue to use them. And so clearly crypto is benefiting the state actors in some particular way despite how strong our capabilities are on the good guys side of things. Square this for me. Like what if if crypto is being such a good tool for information for you know the FBI and OFAC and all this how come you know Iran and North Korea and China and Russia and all them how come they're still using them? It seems like it's not actually good territory for them to do their operations in.
>> Yeah. Look, I I think it's it's it's interesting, right? You know, the promise of cryptocurrency is cross-border value transfer at the speed of the internet. And the reality is that like for all the reasons it's such a transformative technology for remittances, for humanitarian aid, for payments at scale, um bad actors also want to use it to move funds faster and in larger amounts than ever before. The the difference is that we now can track and trace those funds. So the reality is that it's always going to be this cat-and-mouse game that has always existed between law enforcement, right?
Bad guys can now move funds faster and in larger amounts than ever before. And um and law enforcement now is going to need to to to track them. Um, I mean, I think, uh, bad guys have always been early adopters of transformative technology, and I think we're in that moment right now with crypto and and maybe even more recently AI. Um, one of my favorite stories is that in 1908, the Model T rolled off the assembly line.
And in that same year, we created the Bureau of Investigation, which is the modern FBI, because policing had always been a local issue, right? But all of a sudden, bad actors can move cross border, cross state lines at unprecedented speed and scale. Think Al Capone and Machine Gun Kelly and and Bonnie and Clyde. And we need to create a a national police force in order to run them down. I think we're seeing that now, right? It's just a new technology that bad guys can now move funds faster than ever before. And it's it's a bit of this cat-and-mouse game, this whack-a-mole that prosecutors talk about.
Um, but at the same time, I think that bad guys are going to improve their technology and and so are the good guys.
>> One thing I just want to clarify is, you know, David's framing in terms of uh bad guys and good guys. You know, um it may not always be the case that your government is the good guy. And this is the entire reason we have uh the Bill of Rights and the Constitution and civil liberties and things like decentralized technology like Ethereum and Bitcoin is because when the government actually becomes the bad guys, you you need freedom tools to resist their badness.
And you know, so far we we we've talked in terms of good guys and bad guys. I just want to make it clear that um the entire purpose of this technology and this movement is uh to have the freedom to escape centralized authorities uh when as they become uh bad guys and as they move across that spectrum. Um, one question I wanted to ask you about the Iran case and the IRGC specifically is why in the world they were using Tether and Tron because it seemed incredibly obvious in 2026 that they're just asking to get their assets frozen and if their next maneuver is just going to be to do the thing that North Korea does, which is move their assets to something like Bitcoin. And then if they move their assets to Bitcoin and they accept the volatility, I mean less volatile than their local currency, we might point out much less volatile. Um what do nation states do as a reaction to that? So the US government is the most powerful nation state in the world.
I was very interested in this exchange between a uh Texas Republican who asked the secretary of war Pete Hegseth about Bitcoin, framing it as kind of a um a matter of national security, does he think so, and Hegseth said yes, I do think so, and then he added this: a lot of things we are doing, enabling it or defeating it (he's referring to Bitcoin), are classified efforts that are ongoing inside our department. This is kind of interesting to me, the the idea of defeating something like Bitcoin. And it just struck me last week that this could be the moment that cryptocurrency networks like a Bitcoin or an Ethereum are tested in ways that they haven't been tested. I mean, part of the purported value of this technology is that they have sovereignty and and decentralization and nation state level security. And I kind of wonder if they will actually pass this test or not. And what Hegseth might mean when he's talking about defeating something like Bitcoin.
So, say the IRGC keeps their next $350 million in assets in Bitcoin on the Bitcoin network instead. Does the Department of War have a way to defeat that, to access that? Is that maybe what we were talking about earlier in our conversation? Like, what do you think about this?
>> Yeah, that's that's interesting. I I quite frankly don't know don't know what he would have been talking about necessarily with that statement in terms of the defeating piece. Um you know when someone says something like that to me and like I I am not an expert on quantum and I do not play one on TV. So like that that might be a really cool conversation uh for the show um at some point but I would say that's that's where my head goes immediately uh to that type of technology as opposed to the way I think about it and I think about how do we harness the technology?
How do we use open permissionless blockchains in order to do um you know to to to to go after bad actors? How do we create that perimeter to keep the funds from going offchain for the use of weapons proliferation? Um how do we go after Chinese money laundering networks?
Right. Um, so that that that's an interesting to what me that's an interesting one to me in terms of of of beating uh the technology and I I am not sure where I uh I'm not sure the classified super secret way that the US government has to defeat Bitcoin in some way.
>> I don't think I'm I'm these days I am not uh privy to any uh uh of that type of >> told you he'd have to kill you.
>> If I told you I would have still been in the government. I think that uh I I'm long done with that life. But I but I would say that like to me it's always just like hey how do we harness the technology? And quite frankly it's more and more AI too. You know I think AI plays a huge role in the way we can supercharge a lot of these operations.
Um but in terms of like defeating the tech itself it's like no we need to defeat the adversary. And that's what I just like I always come back to that right like what are we doing to go after the central bank of Iran right? Um, I mean, literally, um, I mentioned North Korea hacked the Bank of Bangladesh years ago. Like, let's hack the Central Bank of Iran. Uh, let's take the money, right? So, um, I I think that I that that's really how I'm thinking about it always is going after the bad actors.
And I was actually I was a little discouraged even on Twitter, which I should not spend as much time on or X.
Um, you know, there was a lot of there the conversation was entirely around what Drift should have or could have done or Kelp could have or should have done. And there's plenty, right? Um, and I I think bringing in cyber from from from day one is absolutely critical. But my focus was was immediately on let's go after North Korea, let's go after Iran, let's go after Russian cyber criminals.
>> That would be so cool. I got to tell you, that would be so cool.
>> So if it happens, you know, or you keep hearing about cyber letters of marque. Chris Perkins is awesome on this. Uh Chris Giancarlo's written on this. This is not me being a crazy person talking about pirates. Like I think there's some real um uh I know Tavano there there's a whole handful of other folks that are very supportive of this idea and um yeah I I excited about the the prospect of it.
>> Okay, so as we wrap this up and bring this to a close. So as I mentioned the outset, April was DeFi's worst month ever, maybe over 600 million in hacks. I don't know about total volume size, but just in the number, there was one hack every 27 hours. Okay, so basically a daily occurrence. And one has to think AI is just speeding up and accelerating the efforts of these incredibly talented uh North Korean hackers. It seems like I mean they are winning right now. So, what does DeFi do? Just maybe summarize this. If you're addressing everybody in the crypto space, who cares about it? We just had a DeFi United campaign. Um, and it was fantastic. It was a coming together of all of decentralized finance and they were trying to make the the Kelp DAO um asset whole, rsETH, and they did that. They raised uh, you know, 300 million in commitments. That was fantastic. And I just help couldn't help but think like as great as this is and as fantastic as this is, if this happens every month, like we're not gonna last, okay? Like this can't happen again.
Can't happen many more times. And so in addition to DeFi United being about kind of getting rsETH uh claimants whole, we also have to have a DeFi United for securing our space. What recommendations do you have? Like how does this get better? And if there is a happy case here, what do you think it looks like?
>> Yeah, I know.
It's a it's a great question. I'm not familiar with DeFi United, but I love this concept because I think that's where we have to go. And uh it should be more than kind of paying back lost funds. Um you know, I'm not naive enough to think we're going to have standards anytime soon for sort of DeFi protocols or developers. Um but I do believe that we could come together as a community and um agree to best practices. Um you know years ago after Colonial Pipeline uh the White House actually brought together a community of of of businesses the largest businesses in the world and started talking about here are 10 bullets for what good cyber hygiene cyber controls can look like. I think we need to do that for DeFi today whether that's through this group or whether it's through something else. So it's not >> it's it's best practices but agree and align to them.
>> Um I hope part of that is being involved in an information sharing interdiction disruption type network like Beacon. Um so on the defensive side I think it's a combo of like building out Beacon plus really really getting granular on what DeFi protocols can build from the ground up uh from a from a cyber defense uh perspective.
>> I know crypto in some ways has presented challenges towards uh the state department and investigators just because of the way that it is. As we've underscored throughout this entire podcast, it also gives them some tools and some assets and information that they didn't that they don't have in the trad.
Do you think uh these this the state um you know FBI, CIA, OFAC, Treasury, do you think they are actually kind of pro moving on chain uh in the sense that like you know let's get all the people on chain because it's actually a better substrate for us to do our job if more of global finance moves on chain. Do you think they think that?
>> I do. I also think there's a certain inevitability around it, right? What's interesting to me, and I I think that that this is a very this moment state, every major law enforcement agency, many in the world, but certainly every US federal law enforcement agency, think FBI, IRS-CI, DEA, Secret Service, Homeland Security Investigations, they all have a cadre of investigators who are sort of power users of TRM, who have all the tools and the training and the true experts. Um, I think there's I believe I think you guys do too, that there's inevitability about this space, right? Just in the last year with institutional adoption and so much happening and we we we see more activity moving on chain that means like it can't just be a cadre anymore. It has to be like every investigator has to have the capabilities because every crime is a financial crime and that means every crime is going to involve crypto in one way or another. So my view is that like yes um but they don't have the resourcing necessarily today that they need if that's the direction we're headed in.
>> As much as I don't like North Korea and I appreciate the work that you guys are doing to catch the bad guys, I I got to say I don't know how encouraged I feel that the CIA and FBI wants us all to come on chain. Okay. So, I will voice that at the end of this podcast that um trust definitely needs to be earned there. But uh Ari, thank you so much for joining us today and telling us all about what is going on in crypto and uh for your work to catch the bad guys. We appreciate it.
>> Hey, love joining you. Thank you for the conversation.
>> Got to let you know, Bankless Nation, of course, none of this has been financial advice. Crypto is risky. You could lose what you put in, but we are headed west. This is the frontier. It's not for everyone, but we're glad you're with us on the bankless journey. Thanks a lot.