Sharper: Blockchain

The rapid innovation of cryptocurrency technology beyond the current regulatory framework within the space has urged U.S. policymakers to advance their understanding of blockchain and associated security risks. CNAS experts are sharpening the conversation around what polices may work best to support a safe and secure virtual ecosystem and how to address persisting and emerging security risks supported by blockchain technology. Continue reading this edition of Sharper to explore their ideas and recommendations.

Features

Following the Crypto

Since 2014, the Pyongyang-led cybercrime organization known as the Lazarus Group has transformed from a rogue team of hackers to a masterful army of cybercriminals and foreign affiliates that can compromise major national financial networks and steal hundreds of millions of dollars’ worth of virtual assets. Through analyzing three case studies of major North Korean hacks, a new report by Jason Bartlett outlines key strengths and vulnerabilities in the Lazarus Group’s campaigns to infiltrate cryptocurrency exchanges and steal, launder, and liquidate funds. The study also offers a prospective look into the future of North Korea–led crypto hacks and provides a series of policy recommendations to strengthen cyber resilience against these efforts.

Financial Attacks on Democracy

The Russian government’s interference in the 2016 election has received significant attention from policymakers and the media, but a critical aspect of the operation remains largely unreported: the cryptocurrency that funded it. Russian actors took advantage of cryptocurrency to support their interference efforts, hoping to hide their money trail. In subsequent years illicit use of cryptocurrency has grown even more sophisticated than the methods used by those Russian operatives, creating new risks for future election cycles. A CNAS report by Elizabeth Rosenberg, Jesse Spiro, and Sam Dorshimer outline the role of cryptocurrency in the 2016 Russian election interference campaign.

Show Me the Crypto

During the 2021 Annual National Security Conference, Energy, Economics and Society Adjunct Senior Fellow Yaya J. Fanusie and Research Assistants Jason Bartlett and Emily Jin hosted an interactive choose-your-own-adventure style scenario following a fictitious South Korean cryptocurrency exchange and associated cybersecurity risks. Following every new development, the audience got to choose between two options which would result in different outcomes. With each new decision, the audience learned more about the economic and national security implications related to innovations in financial technology.

Commentaries

What FATF’s Latest Guidance Means for DeFi, Stablecoins and Self-Hosted Wallets

"Unhosted wallets have long faced some scrutiny from serious and compliant VASPs and that scrutiny is likely to increase, especially until VASPs develop formal risk-based restrictions such as transaction or volume limits between their users and unhosted wallets," writes Yaya Fanusie in Coindesk. "FATF’s directive to study and understand the risks around unhosted wallets may be a boon to blockchain analysis firms. It also may encourage blockchain privacy advocates to double down on their support for anonymizing software. The regulated crypto space is likely to grow, but the unhosted ecosystem will remain as a niche area with significant development and innovation."

‘Web3’ Is on the Way. Authoritarians Should Be Worried.

"The Internet has continued to advance and grow more sophisticated, but we mostly still operate in a Web2 world," argue Anthony Vinci and Dr. Nadia Schadlow in The Washington Post. "Now, we are closing in on a new version of the Internet — Web3 — built on the blockchain, a technology that makes it possible to transact data securely, and smart contracts, which allow users to make agreements without relying on intermediaries — it’s what permits you to pay a vendor directly using cryptocurrency, no bank required. Web3 is still being developed and defined, but it’s clear that, fundamentally, it will offer a more decentralized version of the Internet."

What Will North Korean Cybercrime Look Like in 2022?

"The international community often incorrectly correlates North Korea’s lack of public access to modern computer hardware within its borders with its inability to successfully execute software-reliant cyberattacks," argues Jason Bartlett in The Diplomat. "Over the years, however, North Korea has demonstrated remarkable growth in the breadth, success, and sophistication of its cyberattacks, ranging from hacking government websites and cryptocurrency exchanges to crippling national healthcare services and global financial networks. However, the most unique aspect of North Korean hacking is its focus on targeting financial institutions, a likely result of sustained U.S. and U.N. economic sanctions on the country."

Why Digital Assets are Poised to Disrupt Philanthropy

"As more non-profits follow the likes of St. Jude, American Cancer Society, the Jewish National Fund, World Vision and United Way Worldwide in accepting cryptocurrency donations, there may be questions of what to do with the digital assets once they are in a non-profit’s custody," writes Michael Greenwald in Forkast. "Though crypto charitable giving facilitates inclusion, it may simultaneously increase the volatility of a non-profit’s treasury. There is certainly a longer conversation to be had about how to strategically deploy crypto, liquidate them on exchange over time, and develop longer-term approaches to minimize risk. However, if non-profit organizations believe in the future of cryptocurrency, then developing a plan for managing these donations should be an important strategic exercise."

In the News

Featuring commentary and analysis by Alex Zerden, Yaya Fanusie, Jason Bartlett, and Michael Greenwald.