When you hear North Korea money laundering, the systematic use of digital assets to hide and move stolen funds while evading international sanctions. Also known as crypto-funded weapons programs, it's not speculation—it's a documented state strategy backed by cyber units like Lazarus Group. This isn’t about random hackers. It’s a well-organized, state-backed operation that steals billions in crypto every year to fund missiles, nuclear tests, and military tech.
How do they do it? They hack exchanges, launch fake tokens like Pengycoin (PENGY), a Solana-based meme coin with no real utility, often used as a front for laundering, and use peer-to-peer trades in places like Myanmar and Iran, where crypto rules are loose or hidden. They exploit unregulated platforms, like the now-defunct IDAX exchange, a crypto platform that collapsed after its CEO vanished with user funds, to move stolen coins without leaving a trace. Even Lucent crypto exchange, a known scam platform designed to steal deposits, has been linked to North Korean actors looking to cash out stolen crypto fast.
They don’t care about long-term value. They want liquidity. That’s why they target low-liquidity memecoins—coins like FRED (FRED), a Solana memecoin with no team, no future, and almost no trading volume—because it’s easy to pump and dump. One transaction can move millions without triggering alarms. And because blockchain analytics can’t always trace wallets tied to state actors, these coins become perfect dirty money vehicles.
Meanwhile, countries like Russia and Iran have their own crypto restrictions, but North Korea operates outside any system. They use underground crypto markets, secret peer-to-peer networks where cash and crypto change hands without KYC—exactly like the ones in Myanmar. They don’t need a bank. They don’t need a license. They just need a laptop, a stolen private key, and a network of shell wallets.
What’s worse? These operations are getting smarter. They use smart contracts, self-executing code that automates transactions without human oversight to hide fund flows. They layer transactions across chains—Bitcoin to Solana to Base—making it nearly impossible to track. And they don’t care if a coin crashes. If PVC Meta (PVC), a token that lost 99.7% of its value can be sold for $50,000 in stablecoins before it dies, they’ll do it.
You won’t find North Korea’s wallets on CoinMarketCap. You won’t see them listed on Crypto.com or Kraken. But you’ll see their fingerprints in every unexplained spike of a dead memecoin, every sudden flood of cash into a no-name exchange, every airdrop that never happened—like CELT airdrop, a token distributed only to private investors with no public record. These aren’t coincidences. They’re tactics.
The real question isn’t whether North Korea is laundering crypto. It’s how much you’ve already seen—and didn’t recognize. Below, you’ll find deep dives into the scams, coins, and exchanges they use. Not to invest. Not to speculate. But to spot the signs before it’s too late.
Cryptocurrency mixing services are being exploited by North Korea to launder over $3 billion in stolen crypto. These tools break transaction trails, making it nearly impossible to trace funds-enabling state-sponsored cybercrime on a global scale.