Crypto Overview in North Korea

Regulatory data is for informational purposes only and may not reflect the most current legal developments. Always consult qualified professionals before making decisions.

Legal Classification and Regulatory Framework

Cryptocurrency Status

The Democratic People’s Republic of Korea has no public domestic regulation of cryptocurrency. The North Korean won (KPW) is the sole legal tender, foreign currency holding is tightly restricted, and the country’s citizens have no access to the global internet. The Kwangmyong intranet is the only network available to the general population, meaning meaningful exposure to digital assets exists only among a small political and military elite. As a practical matter, civilian use of cryptocurrency is impossible inside the country, and any state engagement with the technology is operational rather than regulatory in character.

The state has appeared publicly in connection with crypto on two notable occasions: the Pyongyang International Blockchain and Cryptocurrency Conferences were held in 2019 and 2020. Those events were aimed at extracting external expertise rather than building a domestic market. A United States national who attended the 2019 conference against State Department instruction was prosecuted under the International Emergency Economic Powers Act (IEEPA) and sentenced in 2022 to more than five years in federal prison, illustrating that participation by foreign nationals is itself a sanctions exposure.

Tax Treatment

There is no published tax framework for cryptocurrency in the DPRK. The combination of an isolated banking system, the absence of any legally recognised exchange, and comprehensive international sanctions means that tax classification is not a meaningful regulatory question in the conventional sense. Foreign operators and investors have no legitimate basis to engage with the jurisdiction, rendering any discussion of crypto tax treatment academic.

Regulatory Oversight

The Central Bank of the Democratic People’s Republic of Korea and the Ministry of Finance are the nominal financial authorities, but there is no functioning crypto regulator and no VASP licensing body. The state apparatus most engaged with cryptocurrency is military and intelligence in nature. The Reconnaissance General Bureau (RGB) and its cyber units, including the cluster commonly identified as Lazarus Group and the related sub-groups Andariel, BlueNoroff, and TraderTraitor, are responsible for the activities most relevant to the global industry. The US Office of Foreign Assets Control (OFAC) has designated the Lazarus Group and a series of associated banks, front companies, and individuals, with additional tranches added throughout 2025.

Business Environment

Banking Relationships

The DPRK is largely severed from global correspondent banking. The Financial Action Task Force (FATF) calls on all jurisdictions to apply counter-measures and to terminate correspondent relationships with banks based in the country, closing any subsidiaries or branches operating abroad. The remaining financial connectivity runs through sanctioned banks and front companies operating in third countries. Recent OFAC designations have continued to add new institutions and individuals to the Specially Designated Nationals (SDN) list. A Cambodia-headquartered payments network identified by US Treasury and blockchain analytics firms in 2025 was flagged as a significant laundering node for proceeds traced to the country.

Innovation Support

There is no innovation support framework in any conventional sense. The only documented state-organised engagement with the wider crypto sector was the Pyongyang Blockchain and Cryptocurrency Conferences in 2019 and 2020. Beyond those events, no domestic sandbox, accelerator, or government-backed research programme has been documented. The isolated nature of the economy and the absence of internet access for the general population make a functioning innovation ecosystem structurally impossible.

Crypto License in North Korea

There is no crypto licensing framework in the Democratic People’s Republic of Korea, and there is no legal pathway for foreign or domestic operators to obtain a virtual asset service provider (VASP) licence. Because comprehensive international sanctions prohibit virtually all financial dealings with the DPRK, the question of licensing is not a matter of domestic policy gaps but of hard legal prohibition at the international level. Operators anywhere in the world must structure compliance programs to avoid any exposure to the jurisdiction.

Current Status

No VASP framework, no crypto exchange licence, and no custody or broker-dealer authorisation has ever been published by DPRK authorities. The country does not participate in FATF mutual evaluations or report to any international AML standard-setter. The FATF has maintained the DPRK on its blacklist, the list of high-risk jurisdictions subject to a call for action, continuously since 2011. Every FATF plenary through 2026 has reaffirmed this designation. The call for action requires all FATF member jurisdictions to apply counter-measures, which include enhanced due diligence, transaction monitoring, and where appropriate, limits on business relationships with DPRK-connected parties.

UN Security Council sanctions imposed under Resolutions 1718 (2006), 2270 (2016), 2321 (2016), 2371 (2017), 2375 (2017), and 2397 (2017) prohibit most financial services in connection with the DPRK. US OFAC designations, EU autonomous sanctions, and UK sanctions reinforce the UN regime with unilateral prohibitions and add further individuals, entities, and cryptocurrency addresses to restricted-party lists on a continuing basis.

Why No Framework

The absence of a crypto framework is not regulatory lag. The DPRK economy is state-controlled, information flows are tightly restricted, and there is no domestic financial sector that would need a VASP regulatory regime in the internationally understood sense. The state’s documented engagement with cryptocurrency is through state-sponsored theft and revenue-generation rather than through a regulated market. The RGB and its affiliated cyber units use cryptocurrency as an instrument of sanctions evasion and revenue collection, not as a market to be governed. The 2024 Chainalysis annual crypto crime report estimated that DPRK-affiliated actors stole approximately 1.34 billion US dollars across 47 incidents in 2024 alone, a figure that exceeds the GDP of many small economies and is effectively a de facto state crypto policy.

What Operators Should Know

Any crypto-asset business or financial institution subject to US, EU, or UK jurisdiction must treat all DPRK-connected addresses, entities, and individuals as prohibited counterparties. Specific compliance obligations include: real-time screening of wallet addresses against the OFAC SDN list and equivalent EU and UK consolidated lists; enhanced due diligence for customers or counterparties with any DPRK nexus; monitoring for typologies associated with DPRK laundering, including rapid cross-chain bridging, high-frequency peel chains, and use of privacy protocols immediately following large transfers; and enhanced screening of remote engineering hires for identity fabrication patterns flagged in repeated FBI and US Treasury joint advisories from 2023 through 2025. Penalties for sanctions violations are severe: individual criminal liability under IEEPA, corporate deferred prosecution agreements, and civil penalties from OFAC have all been applied in cases with indirect DPRK connections.

Market Characteristics

State-Sponsored Cyber Operations

The DPRK is widely assessed as the single largest state-sponsored threat actor in cryptocurrency. Blockchain analytics firms have placed cumulative theft attributed to the country at more than six billion US dollars since 2017, with the figure rising sharply in recent years. Notable confirmed incidents include: the Ronin Bridge exploit of approximately 625 million US dollars in March 2022; the Harmony Horizon Bridge exploit of roughly 100 million US dollars in June 2022; the Atomic Wallet theft of around 100 million US dollars in June 2023; the CoinEx compromise of approximately 54 million US dollars in September 2023; the DMM Bitcoin theft of approximately 305 million US dollars in May 2024; the WazirX exchange compromise of about 235 million US dollars in July 2024; and the Bybit incident in February 2025, in which approximately 1.5 billion US dollars were stolen in what stands as the largest single cryptocurrency theft on record. The Bybit attack exploited a development-environment compromise affecting a third-party signing interface, demonstrating that supply-chain risk remains the dominant vector even for venues operating cold-storage architectures.

Laundering Infrastructure

Proceeds are typically moved through a combination of cross-chain bridges, decentralised exchange protocols, mixers, and peel chains, with final off-ramp at over-the-counter desks operating in China and Southeast Asia. The mixer Blender.io was designated by OFAC in May 2022 as the first virtual currency mixer sanctioned by the United States, and its successor Sinbad.io was sanctioned in November 2023 with coordinated international seizure of infrastructure. The privacy-focused exchange eXch ceased clearnet operations in 2025 following European seizures, though analytics reporting indicates continued activity through alternative channels. Tornado Cash smart-contract addresses were delisted from the SDN list in March 2025 following litigation, but specific addresses linked to state-affiliated activity remain individually sanctioned.

Remote Worker Scheme and Compliance Implications

Beyond direct theft, the DPRK generates significant revenue through a coordinated scheme in which technology workers fraudulently obtain remote employment at Western companies, including crypto firms, using stolen or fabricated identities. US Treasury, the Federal Bureau of Investigation (FBI), and the Department of Justice have issued repeated joint advisories on this scheme from 2023 through 2025, and a series of high-profile prosecutions and laptop-farm seizures have taken place across the United States. Major exchanges and crypto firms now operate enhanced screening for remote engineering hires, dedicated sanctions-list address screening, and monitoring for typologies associated with the country.

The Financial Action Task Force has maintained the DPRK on its list of high-risk jurisdictions subject to a call for action continuously since 2011, and the position has been reaffirmed at every plenary through 2026. The Multilateral Sanctions Monitoring Team (MSMT), established in late 2024 after the United Nations Panel of Experts mandate expired, has assumed the reporting role on cyber and remote-worker activity tied to the DPRK, issuing updated assessments that form a key reference for compliance teams tracking DPRK typologies.