
Sanctions Evasion: Crypto's Geopolitical Problem

North Korea, Russia, Iran—all using crypto to evade sanctions. Here's how nation-states exploit blockchain and why it's crypto's biggest regulatory threat.

October 29, 2025

$1.7 billion.

That's how much North Korea's Lazarus Group allegedly stole through crypto hacks in 2022 alone.

According to the UN, North Korea's nuclear weapons program is partially funded by cryptocurrency theft.

Let that sink in. A country is building nuclear missiles partly with stolen Ethereum.

Welcome to the geopolitics of blockchain.


The Sanctions Game

Here's how the world has punished bad actors for decades.

Say you're North Korea. You want to buy missile parts. Normally, you'd wire money through a bank. But every major bank in the world is terrified of the US Treasury. If they process your transaction, they lose access to the US financial system. Game over for them.

So you're cut off. SWIFT won't touch you. No bank will clear your trades. Your foreign assets are frozen. You're financially isolated.

This is the power of sanctions. Control the financial system, control the money.

For sixty years, this worked pretty well. Not perfectly—there's always smuggling, shell companies, complicit banks. But moving billions was genuinely hard when you're on the naughty list.

Then Bitcoin happened.


North Korea's Crypto Army

The Lazarus Group isn't some ragtag hacker collective. It's a unit of North Korea's intelligence apparatus, and they've become terrifyingly good at stealing crypto.

March 2022. A game called Axie Infinity was at the peak of its "play to earn" hype. Its Ronin bridge held billions in user funds. Lazarus got in through a fake job offer—they sent a PDF to an employee, got access to the internal network, compromised five of nine validator keys, and drained $625 million in one transaction.

The largest crypto hack in history. And the money went to a regime building ICBMs.

This wasn't a fluke. Harmony bridge? $100 million. Atomic Wallet? $35 million. There are dozens more. The FBI estimates Lazarus has stolen over $3 billion in crypto.

Where does it go? The UN has documented the pipeline. Stolen crypto gets laundered through mixers, chain-hopped across bridges, converted through complicit OTC desks in China, and eventually ends up funding weapons programs.

A teenager playing Axie Infinity gets hacked. A year later, North Korea tests a new missile. There's a direct financial line between those events.


The Laundering Pipeline

When Lazarus steals $600 million, they can't just deposit it at Coinbase. The money has to be cleaned.

It starts with speed. Within minutes of a hack, funds are split across hundreds of wallets. Then they start moving through bridges—Ethereum to BSC to Avalanche and back. Each hop makes the trail harder to follow. Different blockchains, different analytics tools, different jurisdictions.

Next come the mixers. Tornado Cash was their favorite before sanctions. Dump everything in, wait, pull out "clean" coins with no connection to the hack. The cryptographic magic breaks the chain of custody.

Then the waiting game. Blockchain forensics companies are good, but they need time. If you move too fast, you create obvious patterns. So the funds sit in hundreds of wallets, slowly consolidating over months.

Finally, the cash out. Small exchanges with weak KYC. OTC desks that don't ask questions. Mining operations that convert electricity into "freshly mined" Bitcoin. Eventually, the crypto becomes real goods—luxury items, equipment, whatever a sanctioned regime needs.

The whole process can take a year or more. By the time investigators fully trace the funds, most have already been converted and spent.


Russia's Different Problem

When Russia invaded Ukraine in February 2022, the West unleashed unprecedented sanctions. Major banks got kicked off SWIFT. Oligarch yachts got seized. Russian assets worldwide were frozen.

Could crypto be the escape hatch?

Not really. Russia's economy runs on hundreds of billions in oil and gas revenue. Crypto's entire market cap is a rounding error for them. You can't pay for a tanker of crude oil with Bitcoin—the infrastructure doesn't exist.

But on the margins? Crypto helps.

Russian ransomware gangs—which the government conveniently ignores—have always been paid in crypto. Individual oligarchs can move personal wealth outside the traditional system. Small-scale import payments can bypass banking sanctions.

After the invasion, researchers saw spikes in transactions to Russian-linked addresses. Mining operations expanded—a way to generate "clean" crypto domestically. There were reports of businesses trying to settle international trades in stablecoins.

None of this replaces the traditional financial system. But for a country under siege, every workaround helps. Crypto is a tool in the sanctions evasion toolkit, not a solution.


Iran's Mining Strategy

Iran took a different approach. They're not stealing crypto. They're making it.

Iran has cheap electricity—government-subsidized, abundant natural gas. Bitcoin mining is pure economics: cheap power in, valuable Bitcoin out. At various points, Iran has accounted for 4-7% of global Bitcoin mining.

The government knows this. They've licensed mining operations. They've seized miners who operated illegally (the government wants its cut). They've explicitly discussed using crypto for import payments to avoid dollar sanctions.

It's elegant in a dark way. Iran can't sell oil for dollars. But they can burn that oil to generate electricity, mine Bitcoin, and use that Bitcoin to buy whatever they need from countries that don't care about US sanctions.

The challenge is scale. Mining produces millions, not billions. And cashing out at scale is hard when every major exchange blocks Iranian users. It's a partial workaround, not an escape.


The Cat and Mouse Game

Meanwhile, the people trying to stop this aren't standing still.

Chainalysis, Elliptic, TRM Labs—these companies have government contracts worth hundreds of millions. Their job is to trace every transaction, cluster wallets, identify patterns, and help law enforcement follow the money.

They've gotten scarily good at it. The Colonial Pipeline ransomware attack made headlines for crippling gas supplies across the Eastern US. Less reported: the FBI recovered most of the Bitcoin ransom within weeks. They traced it through the blockchain, identified the wallets, and got a judge to order seizure.
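The tracing step described above, as an added example (not from the article or any analytics vendor's product): it follows stolen funds through splitting and commingling with a proportional "haircut" taint model, one common approach, then applies a hypothetical hold policy to an exchange deposit. The ledger, address labels, seed balances and threshold are all constructed for illustration.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed sample ledger (labels are placeholders, not real addresses):
# (unix_time, sender, receiver, amount)
TRANSFERS = [
    (0,    "HACKED_BRIDGE", "w1", 400),
    (60,   "HACKED_BRIDGE", "w2", 200),
    (90,   "clean_user",    "w2", 200),   # unrelated funds commingle in w2
    (300,  "w1",            "w3", 400),
    (400,  "w2",            "w3", 100),
    (9000, "w3",            "EXCHANGE_DEPOSIT", 250),
]
# Starting state: address -> (balance, tainted part of that balance)
SEEDS = {"HACKED_BRIDGE": (600, 600), "clean_user": (200, 0)}

def propagate(transfers, seeds):
    """Haircut model: each outgoing transfer carries taint in proportion
    to the sender's tainted share at the moment it is sent."""
    bal, taint = defaultdict(Fraction), defaultdict(Fraction)
    for addr, (b, t) in seeds.items():
        bal[addr], taint[addr] = Fraction(b), Fraction(t)
    for _, src, dst, amt in sorted(transfers):      # process in time order
        if amt <= 0 or amt > bal[src]:
            raise ValueError(f"transfer {src}->{dst} exceeds known balance")
        moved = taint[src] * amt / bal[src]
        bal[src] -= amt
        taint[src] -= moved
        bal[dst] += amt
        taint[dst] += moved
    return bal, taint

def exposure(transfers, seeds, addr):
    """Tainted share of the funds currently held at addr (0 if empty)."""
    bal, taint = propagate(transfers, seeds)
    return taint[addr] / bal[addr] if bal[addr] else Fraction(0)

def fan_out(transfers, source, window_s):
    """Distinct recipients paid by source within window_s of its first send."""
    sends = sorted((t, dst) for t, src, dst, _ in transfers if src == source)
    if not sends:
        return 0
    start = sends[0][0]
    return len({dst for t, dst in sends if t - start <= window_s})

def screen_deposit(transfers, seeds, addr, threshold=Fraction(1, 10)):
    """Hypothetical policy: hold a deposit whose tainted share meets threshold."""
    return "hold" if exposure(transfers, seeds, addr) >= threshold else "accept"
```

Here the deposit is three hops from the theft and mixed with unrelated funds, yet 90% of its value still traces back to the seeded address.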

But for every advance in tracing, there's an advance in evasion. Privacy coins like Monero make tracing much harder. New mixing protocols emerge constantly. Cross-chain bridges create jurisdictional nightmares. Time itself is an evader's ally—forensics get harder as the trail goes cold.

It's a genuine arms race, and neither side is clearly winning.


The OFAC Nuclear Option

In August 2022, the US Treasury did something unprecedented. They sanctioned Tornado Cash.

Not a person. Not a company. Smart contract addresses on Ethereum.

Using Tornado Cash became illegal for any US person. Companies had to block transactions touching those addresses. USDC issuer Circle blacklisted funds held in the contracts. GitHub deleted the repository. Discord shut down the server.

The message was clear: neutral infrastructure isn't neutral when it's helping North Korea launder billions.

But here's the thing about immutable smart contracts—they can't be turned off. Tornado Cash still works. It's just illegal to use. The code doesn't care about OFAC.

This created a philosophical crisis. Can you sanction software? What about the developers who wrote it? (Two were arrested.) What about validators who process transactions involving it? If Ethereum itself can't censor transactions, is the whole network sanctions-compliant?

No one has good answers. The Tornado Cash case will be debated in courts for years.


The Uncomfortable Truth

Here's the tension no one wants to talk about.

Crypto's core value proposition is that no one can stop your transaction. No government, no company, no authority can freeze your funds or block your payment. That's the whole point.

But "no one can stop your transaction" applies equally to political dissidents and nuclear proliferators. The technology doesn't care about your intentions.

Every privacy feature that protects activists from authoritarian governments also protects North Korea from sanctions. Every decentralization measure that prevents seizure of dissident funds also prevents seizure of terrorist funds.

You can't have one without the other. That's not a bug to be fixed. It's the fundamental design.

So when politicians say crypto enables sanctions evasion, they're right. And when crypto advocates say the technology protects financial freedom, they're also right. Both things are true simultaneously.

The question isn't whether crypto helps bad actors—it clearly does. The question is whether the benefits to good actors outweigh that cost. Reasonable people disagree.


What Actually Matters

Let's be honest about scale.

North Korea's crypto thefts are significant—billions of dollars funding weapons programs. This is a real problem that deserves serious attention.

Russia using crypto to evade sanctions? Marginal. Their economy is too big, the crypto infrastructure too small. It helps on the edges but doesn't change the fundamental picture.

Iran's mining operations? Clever but limited. Millions, not billions.

Small actors—terrorist cells, sanctioned individuals, criminal organizations? Here crypto genuinely helps. Moving hundreds of thousands is easy. Flying under the radar is possible. This is where the real erosion of sanctions happens, transaction by transaction.

The biggest impact isn't dramatic nation-state hacking. It's the gradual, unsexy normalization of crypto as a sanctions workaround for anyone who needs one.


Where This Goes

Regulation is coming. Not because governments hate crypto, but because sanctions evasion is a national security issue.

Expect more Tornado Cash-style actions. Expect exchanges to face stricter compliance requirements. Expect privacy coins to face existential regulatory pressure. Expect DeFi protocols to grapple with whether they can (or should) implement any form of screening.

The "code is law" era is ending. Code still runs. But the people who write, deploy, and use code face increasing legal risk.

Whether this kills crypto's value proposition or just forces it to mature is the trillion-dollar question.


Blockchains don't recognize borders. That was always the point.

It just turns out that borders—and the governments that enforce them—aren't going away quietly.


The same technology that enables financial freedom enables financial crime. That's not a bug to be fixed. It's the deal we made.

Liked this article? Follow me!

@t0tty3