How North Korea Launders Billions in Stolen Crypto
The secretive and isolated nation of North Korea has been making headlines for its latest cybercrime exploits. According to intelligence agencies, the Hermit Kingdom is behind the $1.5 billion Bybit hack, leaving investigators scrambling to track down the stolen funds.
But how does North Korea launder its crypto loot? The answer lies in a complex network of over-the-counter (OTC) brokers and shell companies, according to Ari Redbord, global head of policy at blockchain analytics firm TRM Labs. "They'll look to exchanges globally that don't have compliance controls in place," Redbord said. "Everyone uses Chinese money laundering organizations. The cartels use them to move funds."
Redbord explained that North Korea's money laundering network is not limited to China but also extends to countries with lax regulations and no effective anti-money laundering controls. Russia, for example, has been described as a "money laundering state" due to its vast dark net market activity and ransomware actors.
But off-ramping billions in value isn't easy for North Korea. With stolen funds exceeding $5 billion since 2017, the nation faces significant challenges in converting its crypto loot into government-issued currencies like the Chinese renminbi or the U.S. dollar. "You're inevitably seeing these funds sit in wallets over long periods of time," Redbord said. "I don't think that's them setting up a strategic reserve of some kind; they're just not being able to off-ramp the funds."
One of the biggest challenges North Korea faces is processing the sheer volume of stolen funds through OTC brokers. In the Bybit hack, for example, a significant portion of the stolen ETH was bridged to Bitcoin via THORSwap and fed into mixers like Wasabi and CryptoMixer. These platforms typically process no more than $10 million a day, leaving North Korea with potential bottlenecks before it even attempts to off-ramp its funds through OTC brokers.
Once funds are off-ramped through OTC brokers, the trail goes cold for blockchain analysis firms like TRM, but not entirely. The U.S. government has been using a provision under the USA PATRIOT Act to serve subpoenas to Chinese banks in North Korea money-laundering cases. This strategy requires serious political capital and coordination between the Treasury Secretary and Attorney General, but it can be an effective tool in disrupting North Korea's illicit financial networks.
Redbord emphasized that getting funds laundered through the Chinese banking system doesn't necessarily mean the game is won for North Korea. "If any administration would be willing to lean in a little bit, it would probably be this one," he said. "Issuing a subpoena to a small or mid-sized Chinese bank is probably something that would be worth doing." Such a subpoena sends a strong message and can be a valuable asset in disrupting North Korea's illicit financial networks.