
Ari Redboard
I've kind of rejected this idea that these are North Korea state sponsored. Right. I would never use that term in our writing or the way we talked about these things. These are state actors. Hard stop. When I talk about the enemies of the United States and our allies, I think about China and Russia and Iran, and I put North Korea in there as well, which is crazy. Right? This is a country with absolutely no economy whatsoever, and yet they're competing on the global stage because they've professionalized cyber crime. Essentially, there is absolutely no economy. So it's always been how do we steal and then ultimately launder funds? And crypto is just the latest iteration of that.
Ryan Sean Adams
Welcome to Bankless, where today we explore why North Korea is winning crypto crime and how we fight back. This is Ryan Sean Adams. I'm here with David Hoffman. And we are here to help you become more Bankless.
David Hoffman
Big topic today. It seems to be every single day there is a hack in DeFi. At least there was almost one every single day for the month of April. And this is all North Korea and the Lazarus Group. But over in the world of Operation Economic Fury, we also have the IRGC getting their assets frozen on Tron. And just a few months ago, there was 15 billion in Bitcoin seized out of a pig butchering scam out of Cambodia. So there's just a lot to talk about when it comes to crypto crime and what all the worst people in the world and how they're using crypto and what we're doing to fight back against them. So this is the subject today for Ari Redboard from TRM Labs. Let's go ahead and get right into that conversation with Ari, Bankless Nation.
Ryan Sean Adams
Excited to introduce you to Ari Redboard. He is the global head of policy at TRM Labs. This is a blockchain analytics firm. It's used by governments, major exchanges. Their goal is really to trace illicit crypto. He's an expert in all of these things. He's had 11 years prosecuting national security money laundering cases at the DOJ. He's been a senior advisor at the Treasury. He's probably the single most authoritative voice that we found in the world on illicit finance and crypto. So we are here to learn a few things. Ari, welcome to Bankless.
Ari Redboard
Hey, Ryan, thank you so much for having me. Really, really looking forward to the conversation and honored to be on the show. Thanks.
Ryan Sean Adams
I almost don't know where to start. So in April, it was the highest ever purported DeFi cases of hacks. Let's actually start with the Drift hack. Okay, so to give some context to listeners, on April 1st, North Korea drained $285 million from a protocol. This is a perps protocol called Drift. They did this in 12 minutes. Last week, your team published a report saying these two accounts, there's a Drift report account, and then the Kelp DAO one that we saw two weeks ago, accounted for 76% of all the 2026 hack value so far. And what was eerie about the Drift hack to me as I was reading about this was it seemed like North Korea, who we'll talk about more, their groups, their hacking groups, are hunting and stalking high value targets. So again, 76% of the value from two hard targets. They were hunting the Drift protocol for months. Can we talk about the means that they went through in order to pick out the Drift Protocol? Like, it seems like North Korea is hunting and assassinating almost individual high value targets in a very methodical, sophisticated way. Tell us about this case.
Ari Redboard
Yeah, it's really extraordinary and I think it is a watershed here. Although I think it's important to go back a little bit. I mean, North Korea has a centralized, has essentially professionalized crypto hacking and cybercrime. You know, when I was a prosecutor for years with, with DOJ, we'd look at North Korea cases involving counterfeit hundred dollar bills and counterfeit cigarettes. They hacked Sony Pictures and tried to steal $1 billion from the Bank of Bangladesh. So this is, this is something that has been going on for a really long time. I think what North Korea has realized, say over the last five, six, seven years is that, you know, they could hack Sony or some type of business and steal PII, essentially usernames and passwords. But in the age of crypto, this is bank robbery at the speed of the Internet, right? So what they've now done over the last five or six years is stolen essentially averaging about $1 billion a year. So we're talking six, $7 billion to use for weapons proliferation and destabilizing activity. So when you talk about the targeting, it's moved from sort of targeting the technology to really social engineering at scale. And that's what you saw in the Drift case, where they're meeting developers at conferences, right? Using, using other people that they sort of bring in to, to play that role. They're getting access to private keys to those who have the ability to validate transactions on these, on these exchanges. So what, what we've really moved from is sort of just going after the technology to going after the people. And it's really social engineering at scale.
Ryan Sean Adams
That's what, that's what's so unnerving about this case actually is because many of the people listening, many people in crypto, they go to conferences, they think they know, you know, people in the crypto space in real life. And you wrote this. This was a line from CoinDesk, North Korean proxy sitting across a table from Protocol employees over a period of months. We were talking about the Drift hack that is to my knowledge unprecedented. So they met some of the Drift team members at conferences.
Ari Redboard
Apparently look like right, right after this I was at Paris blockchain week, right. Standing around sort of, you know, chatting with people. You, it's, it's, you get paranoid. But that's, that's apparently really what was happening here. They sent proxies to these conferences to meet individuals who were building these protocols. I think the other sort of scary piece to this is if this happened to Drift, this obviously was happening to many, many more teams of developers out there who are building in defi. And I'm very concerned that this is sort of the tip of the iceberg and we really need to take action.
Ryan Sean Adams
So, okay, so they met. I just can't get over meeting them in person because I always think of kind of North Korea Lazarus Group as just, they're offshore. They're the, the actual shadowy super coders out there. They don't manifest in real life. But you're saying they were hiring proxies, I guess paid actors, individuals who, you know, didn't, didn't seem like they were from North Korea. Maybe, maybe seemed westernized in, in some way, essentially.
Ari Redboard
Yeah, I was going to say essentially. Essentially it had to be, right. I mean this, this was something, to be honest, when I read, and I think it was a report that Drift themselves put out that described actually their investigation. And that was, that was the chilling part for me too. Right. Because there's this whole idea that like you basically have folks sitting in, you know, in military type offices within North Korea who are dealing with this, maybe some in China, you know, but, but that's about it. And here what you had was clearly proxies, right? No one's going to engage with, with someone from North Korea directly. So there's obviously proxies being used here. There's a couple examples of this. Over the years we saw an arrest of a US person for facilitating the IT workers that were ultimately infiltrating a number of different crypto and tech projects who were US persons that were kind of supporting this effort. So there are examples of this. But to me this was, was pretty extraordinary and really chilling that North Korea could get Westerners essentially to do their bidding.
Ryan Sean Adams
Can you talk about how the social engineering actually led to one of the largest hacks, I think the largest hack on Solana in the Drift case. So what were the further details there in that story?
Ari Redboard
Ultimately what they were able to do was gain access to the protocol itself. And that's where you took that social engineering piece to then have to have that really sort of technical attack. On March 27, Drift migrated its Security Council to a new 2 out of 5 threshold configuration, which meant you only needed access to two of the five validators on that platform and North Korea was able to get access and breach there. And what was also so extraordinary is this was programmatic. On April 1st, pre-signed transactions were deployed, which resulted in 31 withdrawals in 12 minutes. And then those funds start moving.
Ryan Sean Adams
So this turned into a hack of $285 million, I believe. And this was a drain that lasted just for 12 minutes and then it was kind of a pretty incredible hack and I suppose a big win maybe for the hackers. I'm curious to learn a bit more about them. So oftentimes we hear about it's just like North Korea. Sometimes we hear about a subgroup called Lazarus. I've also heard about TraderTraitor, Bureau 121, like all of these different subgroups and when I've heard people talk about this previously, it almost seems like there are these like decentralized groups within the North Korean government that maybe operate somewhat autonomously but sometimes in a coordinated way. Can you give us a lay of the land for all of these various groups in North Korea? How they're incented, how they're structured, like, what do we know about them?
Ari Redboard
Absolutely. And it's interesting, I think my own views of this have evolved over time, particularly recently. You know, going back even a few years, I've just always thought to myself, this is North Korea. And I've kind of rejected this idea that these are North Korea state sponsored, right. I would never use that term in our writing or the way we talked about these things. These are state actors. Hard stop, right? This is the North Korea government who's realized that, you know, stepping back for a moment, right? Like when I talk about the enemies of the United States and our allies, I think about China and Russia and Iran, and I put North Korea in there as well, which is crazy, right? This is a country with absolutely no economy whatsoever, and yet they're competing on the global stage because they've professionalized cyber crime. Essentially, there is absolutely no economy. So it's always been, how do we steal and then ultimately launder funds? And crypto is just the latest iteration of that. So what they've done is they've built a cyber army, essentially, and it has different names. And you're right that it's becoming more and more decentralized, where these groups are acting on their own. They have certain signatures of the way they ultimately launder funds, the way they steal funds. But I think that the easiest way to understand this is this is just North Korea. You know, I. People ask me all the time, how have they done this? There's an amazing podcast called Lazarus Heist on the BBC which walks through two seasons of how essentially they've built this capacity. But essentially what it is, is like they raise kids from a really young age to be hackers, to be cyber warriors. You know, think Russian gymnast, right, in the 1980s. They take you, if you show the, the abilities in STEM, and they. You have access to the Internet, which most North Koreans don't have, maybe they'll send you to China to compete. Word for education. 
And they are building this essentially army of cyber warriors that now are attacking crypto exchanges, right. You know, a couple years ago, they were involved in other types of activity. And, and it's, it's really, it's really crazy. And I think the most troubling part is unlike the hacks that occur from time to time, right, in sort of more of the private way, you know, the money stealing that we see in crypto, the scams, this is to fund weapons proliferation, right. This is to destabilize the Korean peninsula. So this is, this is, this is North Korea. This is not a situation where you have China or Russia where there are maybe groups where the, the government turns the. Turns the other way. This is the. Actually the government. This is the army.
David Hoffman
How much of this behavior out of North Korea just comes from the fact that they just like, don't economically, they don't really have any other options. Like, if you ask me what North Korea's biggest exports are, I have no clue. I have no clue how North Korea makes money, except for the fact that they steal hundreds of millions of dollars all the time from the crypto industry. And so, like, this is just like born out of necessity from North Korea. They just didn't have any other options. And so they learned that, like, there's money on the Internet that they can go steal. How much of this just came out of the fact that, like, this is just what they need to do to survive?
Ari Redboard
That's so much what it all has come out of. But what's interesting is you just watch the sort of progress of this. And I mentioned, you know, in. We've looked back at North Korea, you know, people ask me all the time, hey, how did you get into crypto? Right? And I wish I had the better origin story where I, like, you know, bought in 2011 or whatever. You know, I would be driving around in my Lambo like everybody else. But for me, it was actually North Korea. I was a national security Prosecutor at the U.S. attorney's office in D.C. and we started to look at money laundering cases involving North Korea, and we started to see bitcoin in those cases. And this was way before these sort of really, you know, attacks at scale, certainly before defi. And I said to myself, wow, this is really cool technology where you can move funds, cross border at the speed of the Internet and try to start to understand, like, wait, wow, how could we use this for good? But also at the same time realizing this is really a technology we need to keep out of the hands of bad actors. So North Korea has really been early here. But you're absolutely right. It's. It's born out of necessity.
David Hoffman
Just going back and just labeling some quick hacks. $1.5 billion in February 2025 from Bybit. The $300 million recently from, from Kelp DAO, I think that's down to $200 million. There's the Ronin Bridge. I think that was also North Korea. Substantial numbers, multi billion dollars. I don't know. I don't know if you have off the top of the head, like a total amount of some 6 billion is
Ryan Sean Adams
what you said, right?
David Hoffman
Yeah, 6 billion.
Ari Redboard
We just put out a report, I think last week that said 6 billion over the last, you know, five years. Something around that.
David Hoffman
What, and how do they do with their money? How, what happens next with $6 billion in crypto assets held by North Korea? Like what, how do they turn that into something productive?
Ari Redboard
So, so that, that becomes the challenge and for, for TRM, at least the most interesting piece of the puzzle where we're focused on, right? So the attack happens and we can get into maybe how we can stop those at some level. But then the laundering begins. And North Korea launders differently than certain actors. They want to move the funds as fast as they can. They're going to use services, mixers and other types of services to obfuscate the transactions, but they're actually less worried. Well, they're not worried at all about getting caught. What they were worried about is getting those funds off ramped as fast as they can in order to use them, you know, and it's hard to say what exactly they're being used for, but everything in North Korea is being used for weapons research, for missiles, who knows, for Crown Royal, for the regime. Or, you know, it's, it's, it is, it is being used to prop up a rogue regime, essentially. But that is really the sort of the interesting laundering piece. North Korea needs to move the funds as fast as they can to get them to off ramps to use them, and they're going to lose some of that. We see that in the Bybit case, we see that in the Ronin Bridge case. But they'll get enough off where this certainly becomes very, very valuable.
David Hoffman
Was there like a before, after moment in the just power and capabilities of North Korea after crypto? So like, once they started hacking hundreds of millions of dollars, I would imagine, as we kind of discussed the, this prowess, this capacity for, for, you know, hack, hacking the Internet and stealing the funds came out of crypto and came out of necessity because they didn't really have any other economic engine for themselves. Has North Korea become substantially more powerful and their, their military, their weapons, whatever, is this more capable because they have all these billions of dollars coming in Florida. Like, what can we say about, like how crypto has impacted the arc of North Korea?
Ari Redboard
Certainly hard to say, but I don't know that there's been any economy within North Korea over the last, you know, couple of decades that could have done, you know, a billion dollars a year on average for, for the regime. And I think what we're really concerned about right now, in this moment, right. Why we're having this conversation is that, you know, this. This year, now, North Korea is the vast majority of hacks, and the. The Drift hack feels like a playbook. And how many of these are in line essentially in tow right now in order to try to go after. So my concern is that there have been a number of really key moments when it comes to North Korea. You mentioned the Ronin Bridge. It was a $600 million hack, which at the time was absolute game changer. And I actually think it got the US Government at least very focused on the issue. We had a number of meetings with U.S., Korean and Japanese leaders in order to figure out how we can come together as sort of a trilateral to go after these guys. That was a huge moment. You mentioned the Bybit hack in February of 2025. That was the largest bank robbery in human history. And it wasn't even close. Right. 1.5 billion just walking out the door. And then I think we're in this moment right now where DeFi is the target, where we're seeing them move slightly differently. The social engineering piece has always been there, but now it's more pronounced. So I think that now we're seeing another one of these moments and we gotta stop this.
Ryan Sean Adams
Yeah, that's what's so scary about that Drift hack. Keep coming back to that. It's almost like the idea of you could have sleeper cells out there, like, infiltrated in. In your company. I mean, they waited months to pull this off. It almost had the sophistication of you, like, you read about Mossad and what they're doing, what they did with kind of the, you know, the pager attack, for instance. It's that level of. Of nation state sophistication and patience. Like, they. They set up a fake partnership, like a shell company with all of these. You just, like, fake.
Ari Redboard
They made investment in the company, they made investment in the project.
Ryan Sean Adams
Yeah, just like, incredible.
Ari Redboard
And a significant investment. I want to say they said it was about a million dollars or something.
Ryan Sean Adams
Yeah, yeah, yeah. Okay. So a few other things I. I wanted another way to ask. The question David was asking is, is like. Is $6 billion a lot of money for North Korea?
Ari Redboard
$6 billion is a huge amount of money for North Korea. I thought so. There are many countries in the world where that might not be true. Right? That is a huge amount of money for North Korea.
Ryan Sean Adams
Okay. Okay, that's. That's what I thought. So this is a major funder of their weapons program then.
David Hoffman
So they're not stopping anytime soon.
Ari Redboard
They're not stopping. And I think they're very bullish after this last. This last month.
Ryan Sean Adams
Very bullish. Yeah.
Ari Redboard
Yeah.
Ryan Sean Adams
Okay. So what does national security at the US think about this? So under a less crypto favorable administration, we used to hear murmurings that, you know, the White House, national security wanted to sort of shut DeFi down, shut crypto down, partially because of these types of hacks. Right. It's just like, look, if you guys can't secure your programs, your DeFi and your crypto assets, like, this is becoming a national security threat to the US and, like, we might have to just come in and shut you down. Like, I don't think I ever heard that kind of statement. Exactly. But you almost felt that sentiment or those rumors, possibly. What about that is. What is. What about that is true? I guess. What does national security think about the. The state of crypto right now? Are they kind of pissed that this is happening?
Ari Redboard
Look, look, the folks that I've been talking to on this are very well, how do we stop this from happening? Essentially? And it's not so much, hey, we're going to shut down these services. I think the reality is, and I kind of went through this, right? Like, North Korea has attacked every sector. You know, they have attacked banks, they have attacked tech companies, they've stolen PII. We're not going to shut down hospitals because they're victims of ransomware attacks at scale. Right. Hospitals are the number one target. I think it's like 50% of all targets are hospitals for ransomware attacks. So I think the question really becomes, and the questions we've had with the White House, the Treasury Department, the national security community is how do we stop it? And I at least advocate for sort of two ways to think about that. The first is hardening cyber defenses, which we all know needs to happen. I think the DeFi community is having a conversation over the last couple of weeks in a pretty meaningful way about we might not have standards, but as a community, we need to come together and at least come up with best practices, you know, for protecting these platforms. So I think that's. That's a really critical piece. Cybersecurity should be built in to a protocol. But the second is the one I'm more focused on. And it's. It's like, we got to stop blaming the victims here. Right? You know, essentially, North Korea is attacking these projects at scale. We got to attack North Korea.
Ryan Sean Adams
Yeah.
Ari Redboard
So, you know, to me, if North Korea steals 285 million from Drift. We need to go steal it back. And what is that? What. What does that look like? It looks like offensive cyber. And we have the capabilities within the national security community. I. I believe we're using some of those, but we need to be doing it in a much more meaningful way. I felt this after the Bybit hack, right? They could steal 1.5 billion from an exchange. Let's go get it back. Let's target the bad actors. And that's mostly what we're kind of hearing out there, just like, again, like, backing up for one moment. I think about this all the time. I think we're in this really interesting moment in human history where the private sector has all of the data, right? Like, we have this rich data set of blockchain data, AI, and the government has all of the authorities. And what we need to do at TRM is we try to ensure that the government has all the data they need, but we also need some of these authorities. The private sector moves very, very quickly. Give us the opportunity. Give SEAL, give some of these other. Give ZachXBT, give us some of the authorities to actually go after these bad actors ourselves. And I think we could really make a dent in this issue.
David Hoffman
Well, I love how badass that sounds. And definitely what I want. My reservation is that it feels somewhat asymmetric where the Lazarus Group is attacking our, like, DeFi protocols, which are complex. They have, you know, attackable surface areas. There's ways to penetrate them. And then once North Korea gets their hands on the crypto assets, what do they do? They just hold it in raw ether or raw Bitcoin. Like, how do we. How do we attack that? And so it seems somewhat asymmetric. So while I love the notion, I think I will need further convincing that that's even, like, a feasible thing to do.
Ari Redboard
I love that. I think there's probably a ton of ways around this, and it's not. It's. It's not easy. And I don't. I don't want to make it seem easy, but let me give you an example. Right after the Colonial Pipeline ransomware attack, which is probably the most famous ransomware attack ever, right? I don't know about you guys, but I was having trouble getting gas in D.C. you know, for. For a couple of days, right? It was. It was. It was pretty significant. I think it moved the cyber crime, cyber attack conversation to a very mainstream conversation. But ultimately, what we were able to do is track and trace the ransom payment, and law enforcement and national security agencies were actually able to use tools to take them back, essentially, you know, and I don't have access to those tools, but essentially crack private keys. Did they beat them out of someone? Did they, did they actually have access to them through. Through a hack on a computer system? You know, these same bad actors, China and others, are attacking our computer systems for our government agencies. Right. The U.S. Treasury Department recently a victim there. So I think there are things that we can do that aren't necessarily like, hey, we're going to breach a DeFi protocol that North Korea is using in some way. But I do think we could breach their computer systems that are potentially holding at least information that can allow us to do some of that. This is a little outside of my area of expertise, but I really want to empower the private sector and the public sector to work together on this.
Ryan Sean Adams
I love that idea. Even the idea of empowering the private sector is like, what is that? You know, commission bounty hunters or. Exactly, Let me have the skills.
Ari Redboard
So letters of marque, right? So this is what I'm advocating for, right?
Ryan Sean Adams
Marque.
Ari Redboard
In. At the, in the, during the US Revolution and, and the War of 1812, what we would do is we would actually commission privateers to go after pirates on the high seas. Okay, why? Because. Because we can move faster. Because, you know, private individuals with boats can just go get them also with incentives.
Ryan Sean Adams
You know, hey, you get it.
Ari Redboard
You get a 5% cut of that with incentives. So think cyber letters of marque. You know, pirates today are on blockchains and in cyberspace. Let us, with the tools and the training and the expertise, go after those guys where they live.
Ryan Sean Adams
Hell yeah. I love that idea, actually. And in fact, maybe I, I'm, I'm most excited about that versus all of the other defense, you know, which we need to do.
Ari Redboard
Defense. It's like basketball, right? Like defense wins championships. I get that. That's how we're going to stop this in the long term. But we gotta also play offense here.
Ryan Sean Adams
Did we do some of that? So actually, I wasn't aware that the Colonial Pipeline ransomware had kind of a happy ending. And some of the funds were recovered. But I did see a story. I think this was back in October of 2015. Dave and I talked about it on a Bankless show. This was FBI DOJ successfully seized 15 billion in Bitcoin from a massive international pig butchering ring. That was the very famous Chen Zhi pig butchering ring, I believe. And somehow mysteriously, assets were recovered. 127,000 Bitcoin was recovered. $15 billion. That's gotta be one of the largest asset seizures by the DOJ and FBI in history. And it's like mysterious as to how they actually recovered those funds. I, I saw blockchain forensic analysts being like, huh, this is weird. It's almost like they somehow got their hands on the private keys. I wonder how they did that. Do you know anything about this?
Ari Redboard
Yeah, you know, look, I, I talk about this case a lot. I think it's really a great example of so many of the things that we're calling for. First, first and foremost, we, we need a whole of government approach. Right? This is. Scams and fraud are now a national security issue. We're seeing transnational criminal organizations. You mentioned Chen Zhi and the Prince Group, which is out of Cambodia, was running these massive scam compounds that were stealing billions of dollars from, from American.
Ryan Sean Adams
When you say massive, you're talking about thousands of employees almost in like call center, data center.
Ari Redboard
Thousands of employees, many of whom are human trafficking victims themselves who are lured to these places. This is the fair, this is like the worst financial crime scourge that we've seen certainly in my lifetime. And I've been doing this stuff for a really long time. And, and you talk about things we need to use every national security tool but we really did in the Prince Group case. And when people ask me what we should do, I'm like, actually we have the playbook, right? DOJ indicted Chen Zhi, who is the ringleader here, who actually operated at the highest levels of the Cambodian government. We did the largest forfeiture action in human history. $15 billion. Right, that you mentioned. I mean, unbelievable. But then OFAC also sanctioned Prince Group. We saw FinCEN actually take down their primary money laundering facilitator called Huione. And it was really this whole of government interagency approach to go after these bad actors. And it's a win. The problem is there's like 10, 15 more Prince Groups out there throughout Southeast Asia and the world. But in terms of the, the, the, the taking the 15 billion itself, you know, it's hard to say how exactly we, we, we did that. I will say I highly recommend reading the, the forfeiture action and the indictment in the case. There's a really interesting paragraph in there that talks about an insider who had access to some of these funds and, and Chen Zhi at one point getting very upset with this person and kind of wondering, you know, how that maybe dovetails into some of how we were ultimately able to, to, to, to seize and then forfeit these funds. But I think there's a lot of, lot of nuance there, a lot going on. But I think it's a playbook for how we can go after these scam compounds.
Ryan Sean Adams
I love that. And, you know, part of that is something that only another nation state can actually do, is to actually just... I don't know. I saw pictures of the guy. What's his name again?
Ari Redboard
Chen Zhi.
Ryan Sean Adams
Chen Zhi being arrested. I mean, you got the sense that there was cooperation with the government. The special forces kind of like came in and just like picked this guy up and brought him to justice.
Ari Redboard
Well, what's interesting about that case. So just to be clear, he was not arrested. So he was indicted. I'll tell you what you saw. He was indicted by the, like a
Ryan Sean Adams
bag over his head, maybe. It was so, like, was it. So China actually arresting him? Okay, so he was.
Ari Redboard
And we could talk about this a little bit. So he was indicted by the US and then ultimately China swooped in and brought him to China. And I think this is kind of the China narrative in my mind. And that is, if you read the indictment, you read the forfeiture order, there's reference throughout to Chinese national security agencies in there and how they were connected to Cambodian government, how they were connected to the Prince Group. And I think the reality is that for China's taste, Chen Zhi just flew too close to the sun. You know, it's one thing to operate this way, likely sending funds back to China, but you can't get caught. And you definitely cannot get indicted and brought back to the US. So before we
David Hoffman
have parts of China were complicit here.
Ari Redboard
And so very likely or at a minimum certainly looking the other way too
David Hoffman
or too close or just something that's a bad look for China.
Ari Redboard
So they grabbed him. That's my interpretation of what happened. And since this is Bankless, we can, you know, we'll take it a little further than I might normally, but I think that is essentially what happened there in terms of the arrest. But I do want to point one thing out that's important. We are seeing a shift, and I think it's a really good shift. We, TRM, held our public sector summit last week where I got out in front of about 250 mostly US federal law enforcement and national security agencies. And we actually talked about this point. We're finally seeing a shift to the way we go about our business. It's always been, from a law enforcement perspective, you've got to arrest someone, right? Handcuffs on people, prosecutions, you know, potentially going to jail. I think we've seen a shift to asset seizure and forfeiture, which to me is really important because you're not going to get your hands on the Drift Protocol hackers. They're in North Korea, they're in China. It's never happening. You're not going to get your hands on Russian cybercriminal groups that are doing ransomware attacks in darknet markets. You're not going to get your hands on, you know, Cambodians running scam compounds, likely because they're in countries that are just not going to extradite to the United States. But what you can do is you can take the money. And that has a huge impact, right? I mean, ask any drug dealer on the street who had their Escalade taken. They're probably more concerned with that than doing the time in jail. And I think that's a really powerful tool.
Ryan Sean Adams
You can take the money. That's right. I do think that's a powerful tool. That's part of the offense that you were talking about. But can we talk about the victims here? Because it's always been unclear to me where that $15 billion goes, right? Does the US government just seize it and take it? And, hey, now it's part of the Strategic Bitcoin Reserve. Like, you're welcome, everybody. The reality is that $15 billion was taken from hundreds of thousands of individuals, US citizens, other citizens of the world, through these, like, intricate pig butchering campaigns. For those not familiar with that, it's like, I think it's the idea that you sort of, you fatten up the victim by treating them nicely, socially engineering them, catfishing them, pretending to be an interested party, business relationship, girlfriend, something like this, and then you sort of milk them for their funds, right? Socially engineered. So people are losing their money, and it's hard to kind of trace that back to individual victims. I'm wondering if in these types of cases with the seized assets, do victims ever get some of that remuneration, some of their money back, or is it just too impossible to handle something at that scale?
Ari Redboard
It's the most important question, and I'm so glad you're asking it. Like, when I think about these cases, and I've testified really recently, once, about a week or so ago, before the House Homeland Security Committee on just this, on how transnational criminal networks are stealing billions of dollars from Americans. And then prior to that, actually I testified before the New York State Senate on how New Yorkers specifically were being attacked. And I said the same thing essentially, is like, we need to build a victim compensation fund. We need to have a way where we can do this and do it at scale. I think the biggest challenge right now is how do you associate, even with blockchain tracing, how do you associate a specific individual victim with a specific compound? Right. Hey, we took down KK Park, so we know that this is part of your funds. Or we took down Prince Group, so we know these are part of your funds. So what I advocate for, and one of the recommendations I made in that testimony, I would encourage folks to read it. It's on our site. It's like a very detailed perspective to include letters of marque, to include other types of legislation that I think could be helpful. But I think we need a victim restoration fund and it's contemplated by the executive order that came out recently on scams. The Trump administration put an executive order on cyber-enabled scams. And one of the recommendations, or one of the calls, is for a victim restitution fund. So people ask me, how does this work? Because you're absolutely right, Ryan. Like this is tough. It's funny enough, when I was a baby lawyer, it was after my first year of law school. So this was like 30 years ago. I couldn't get a job anywhere in the Justice Department, but I really wanted to work there. And I finally found this really, really random office called the Office of Vaccine Restoration.
And essentially what it was, was like there was a public good of not allowing people to sue vaccine companies in tort. Right. So if you're hurt from a vaccine, we don't want you to be able to sue the company and put them out of business because we need vaccines. Right? So instead for every vaccine that's sold, I think 76 cents went to this fund. Okay. And ultimately a victim, you know, child with an encephalopathy, some type of other damages, would petition the Department of Justice that ran the fund and ultimately lawyers there would decide whether this claim was valid and pay out the fund. I see a victim restoration fund like that as the future for this. It's for everybody. Any victim, US person who's a victim of a scam, can submit to this fund and try to get restitution there. So that, I think, is the vision. I love that the Executive Order talks about it because I think that that makes it very real. I think we'll get some legislation from Congress on this and I think we'll start to move. But it's so important and I don't know that... well, it is not happening fast enough.
David Hoffman
Now can we take a step back and just paint for the listener and myself what it actually looks like to work with law enforcement? So TRM Labs, just to kind of like speedrun, correct me, whatever I get wrong, but just to speedrun, like, what you guys do: you guys just take in all of the blockchain data. You guys have mapped out who are the illicit actors with some degree of certainty. You guys, you like risk scoring. So like, these addresses are likely North Korea. These addresses are likely some sanctioned actor. You give that data out to exchanges so they can know what's up. But then also you guys work with like law enforcement and the FBI. Can you just like paint a picture of what working with law enforcement looks like?
Ari Redboard
Absolutely. Let me just back you up for one second because there's one part of that... You nailed it. But it's so interesting. How do we do that, attributing addresses? We have a team of threat hunters. We have someone who focuses full time on ransomware. She's a former FBI analyst. We have someone who focuses full time on Iran. I would say he's the foremost expert on Iran and the use of crypto. Today we have a guy named Nick Carlsen, who is former FBI analyst I worked with when I was a prosecutor, who is the foremost expert in my mind in the world in North Korea and money laundering. And what they're doing is they're out there attributing illicit crypto addresses. So for example, we have someone who focuses full time on terror financing. He is actually communicating on password-protected Telegram channels and Rocket.Chat with mujahideen, with ISIS fighters, trying to get them to send him crypto addresses so we can attribute them in our tool, terror financing. We then provide that data to basically three main buckets. To law enforcement, and I'll kind of get into your question in a moment, who use it in that sort of, to me, like the sexy use case, right? The tracking, the tracing, the building the investigations, the going after bad guys. To regulators, who use it to make licensing determinations, right? Places like the Monetary Authority of Singapore or, you know, New York Department of Financial Services. We then also provide that information to compliance teams at large financial institutions, at crypto businesses. So that's kind of the secret sauce. In terms of working with law enforcement, it's a couple ways. First, we're providing them the software. So first and foremost, we're a software company, so we're selling that data with a cool UI that allows for the tracking and tracing on top of it. But we also have a really cool global investigations team that's sourced from some of the finest crypto investigators, you know, of all time.
I think a lot of people know Chris Janczewski. He and I were in a very cool Netflix documentary together called Biggest Heist Ever. He was the protagonist in Andy Greenberg's book Tracers in the Dark. Chris is our head of global investigations, and he has a team of former global law enforcement from Met Police and Korean National Police who are working side by side with our law enforcement partners to track and trace illicit proceeds and help them build investigations.
David Hoffman
This question is a little bit squishy, but how dominant is crypto? And therefore, like TRM Labs and maybe also Chainalysis, a company that's very similar to yours, how dominant is that when it comes to just international transnational financial crime? So, like, maybe one scenario is like, there is transnational financial crime, and I don't know what it looks like for it to not be in crypto, but like, maybe, maybe that is like some amount of the cases. Or is it like, oh, if there is transnational financial crime, it's probably some component at the very least is in crypto. And so you guys are always involved or very frequently involved in some of the highest level cases. Like, how big is this world?
Ari Redboard
Yeah, it's a great question. It's funny, I usually start with this, but I think Ryan just got into Drift so fast. We were just rocking and rolling. But, you know, we put out a crypto crime report a couple months ago. It basically said we saw 158 billion in crypto crime in 2025. That is a record-setting year. Okay, and that's always the headline, right? 158 billion, record year in crypto crime. That only makes up about 1.3% of all activity within the crypto ecosystem. So we're still talking about 98, 99% of activity within crypto is lawful. To give you a sense of that, it's much harder to tell this in fiat, but normal numbers are somewhere between 3 and 6% is kind of what you see out there. But, right, so there's that piece of just like the pure data piece. The other piece is, look, when I was a prosecutor, I wasn't investigating crypto cases. It just wasn't what was happening at the time. I was investigating cases involving networks of shell companies and hawalas and bulk cash smuggling and high-value art and real estate. Right. ISIS was stealing antiquities in Syria and elsewhere.
Ryan Sean Adams
We might call that trad money laundering.
Ari Redboard
Yes, I just call it money laundering. I just call it money laundering. And I'll tell you, there's no TRM to track and trace those things. And I think that there's no trad. But what we now are able to do here, because every transaction is logged and immutable and traceable and trackable on a public ledger, I'm sure you've discussed this before over the years, we can do this much better in my mind.
David Hoffman
So when there is a big, you know, transnational crime case, and it does touch crypto, are organizations like the CIA or the FBI, are they like stoked? It's like, oh yes, this one has a crypto footprint. That means we have extra tools to go get these guys that we otherwise wouldn't had it been trad crime.
Ari Redboard
I think they absolutely are. With this sort of caveat, right? We don't live in a world yet, and who knows if we will, where all activity occurs on chain. Every case is a mix of on- and off-chain activity. And what we are really good at at TRM is enabling law enforcement and others to see every transaction that occurs on chain. Where we lose visibility is where funds move off chain through networks of OTC brokers in China, through, you know, hawalas, you know, crypto-like hawalas, when you can move it to cash. And I think one thing I've always really tried to explain is that like these tools are not a silver bullet. They're one tool in a toolbox that a great investigator has. Right? So if funds are moving through an exchange, what law enforcement does is serves a subpoena on that cryptocurrency exchange to get that underlying user information. And once they have it, then they reach out to Google for their Gmail, they reach out to, you know, their cell phone provider. Maybe they're able to actually figure out their location by triangulating cell tower data. Right? They're using all the tools that law enforcement has used for a really long time. I mean, one example of this, and it hasn't played out, sadly, but I got asked a lot when there was a bitcoin ransom demand in the Nancy Guthrie letter about how essentially this would work. Right. The most mainstream case that we've seen probably in a decade in terms of people really wanting to understand how this worked. And what I would explain was like, yes, there's a bitcoin demand. Yes, if funds move, we can track and trace them, but law enforcement is going to need to use their entire toolbox, you know, because so far these funds aren't moving and there's got to be other means in order to investigate this case.
Ryan Sean Adams
By the way, I'm just curious. Did the Nancy Guthrie case get resolved? That was kind of in my feed and it was big news. And then I never followed that through to resolution.
Ari Redboard
Yeah, I think sadly it hasn't at all resolved. And my sense is that folks don't know where she is or what's going on with the case.
Ryan Sean Adams
Wow. Chilling. Can we go back to what you were talking about with respect to on-chain money laundering and how this process, this flow works? So North Korea has hacked and stolen $6 billion. We've seen a few cases in April, the Drift case, the Kelp DAO case, some other details we'll get into. What do they do after they acquire the cryptocurrencies? So just like one thing that we often see is they will move to the highest security, most decentralized chain possible, it seems like. So if they're on, you know, something like Tron, they might move to Ethereum and then later possibly even to Bitcoin. So that seems to be something that happens, at least that I've seen. They also seem to use some of the on-chain privacy type tools. So Tornado Cash is often cited. So if they have ether on Ethereum, then they'll try to move some of that through Tornado Cash. Oftentimes it also seems like they then move some funds to Bitcoin and they use something called THORChain in order to move across kind of that bridge. Can you just talk? And then I'm not sure what happens after that. Is it just like tainted bitcoin somewhere or is it cleaned ether? If it's on the other side of Tornado Cash, what happens and how do they get that into the kind of the real economy in order to purchase weapons and nuclear capabilities and that sort of thing? Can you take us through that flow?
Ari Redboard
Absolutely. I mean, Ryan, you nailed it on the laundering piece for sure. And that's exactly what is going on today. Thinking of it slightly broadly here, North Korea is trying to move funds as fast as they can and they have a different playbook. You mentioned THORChain is a service that's being used quite frequently right now. And I think part of this is with Bitcoin being completely decentralized. Bitcoin comes with benefits and issues when it comes to laundering funds. It's historically volatile and bad actors want to move their funds into more stable assets just like the rest of us to use them. But at the same time, stablecoin issuers like Tether, like Circle, have unique capabilities when it comes to essentially what I refer to as burning and reissuing their native token, what some people call freezing or blocking, essentially. You know, Tether is able to essentially freeze, burn, which means take the token out of your wallet and move it into an inaccessible wallet and then ultimately reissue to the government or to a victim or something like that.
Ryan Sean Adams
Right. It would be insane for North Korea to keep those funds in USDT.
Ari Redboard
That's exactly right. Right. So, but what's interesting is for years that's the narrative, right? Like, hey, all bad actors are using USDT, right? It's certainly still happening because of, I think, two main reasons, liquidity and the stability issue. Right. Bad guys want to move their funds, but they need to offer up those funds to more usable currencies quickly, so they're not getting blocked. And we're seeing Tether really act at scale more and more now on these types of cases. So we are seeing, you know, look at the Bybit hack is a great example. I think that that changed a lot for us in terms of how we were watching laundering. Essentially, North Korea stole 1.5 billion in Ethereum and within the first 72 hours converted almost all of that to Bitcoin and then started using the services that North Korea typically uses. One thing that's really important to note is oftentimes North Korea, the pig butchering networks that David was talking about earlier, cartels are actually transferring their funds at some point to professional money launderers. And that is how they're ultimately off-ramping those funds. They're using networks of, you know, casinos, of OTC brokers. They're getting them into the Chinese money laundering networks that have essentially professionalized money laundering prior to crypto. And now we're getting more and more involved in crypto. If you look, and this is to me like, this is the most startling thing, if you look on chain at cartel activity, North Korea hacks and these pig butchering networks, you see wallet addresses that are being used in all three of those laundering typologies or those threat categories that we associate with Chinese money laundering networks, these professional organizations run by the triads and other types of like Chinese organized crime.
So oftentimes like North Korea will steal the money but ultimately turn it over, essentially sell the funds to one of these networks.
Ryan Sean Adams
Okay, so in the Bybit hack as an example, 1.5 billion ether were stolen within 72 hours. Most of that was in bitcoin, on the Bitcoin blockchain, by route of what? THORChain.
Ari Redboard
I believe THORChain was, right, in that case. Yes. And honestly, we've seen that playbook play out in Kelp as well, in this most recent heist.
Ryan Sean Adams
And they prefer bitcoin just because of what versus raw ether? Because it's got more connections into the kind of the OTC Chinese crime, money laundering type 1.
Ari Redboard
That's one piece of it. That's one piece of it. The other piece, North Korea over the years has been used to using some of the services that are on Bitcoin to launder funds. Some of the more centralized mixing services. Obviously we saw North Korea use Tornado Cash for years. We see that less so today on Ethereum. So we see them do a lot of different types of, use a lot of different services.
Ryan Sean Adams
But then ultimately this ends up off chain. So they're not keeping the bitcoin in bitcoin, they are moving this off chain through various.
Ari Redboard
That's right. And sometimes it takes days to get some amount off chain, sometimes it takes weeks. But we've seen it in cases where it takes months or even years, where North Korea... Right. To me, one of the ways we can solve the money laundering problem when it comes to North Korea is doing everything we can to create a really strong perimeter. Right. Because the challenge for North Korea is always, and it's not just North Korea, these pig butchering networks and cartels and others, is how do you off-ramp the funds? And they're looking to the weakest points to do that. Think Russia-based exchanges that do no KYC, that don't use tools like TRM to monitor transactions or don't care. We've seen Treasury actually sanction a whole host of these services. Think Chatex and Garantex and Bitzlato and so many others. So we see that, we see Chinese-based OTC brokers where they're trying to off-ramp those funds. But to me the real question becomes how do we build that perimeter around crypto to stop these bad actors from being able to off-ramp those funds. Can I give you like a cool example?
David Hoffman
Yeah, yeah.
Ari Redboard
So after Bybit, just exactly to your question, we saw the laundering, we saw North Korea move faster than ever before. It was clear to us that they had more access to liquidity than ever before. And I think that's a result of these Chinese criminal networks that are laundering the funds. And we basically said, how can we move as fast as they are? Because they were moving faster than compliance teams. That's the reality. We were seeing them move at unprecedented speed. We were seeing them do programmatic money laundering. So we reached out to Coinbase and Binance, to me, the most significant exchanges in the world, and said, how are we going to keep funds on chain? How are we going to stop bad actors from using these platforms? And we formed something called the Beacon Network. And the Beacon Network accounts for about 85% of all centralized crypto today. So think Kraken, OKX, HTX, Poloniex, Blockchain.com, Crypto.com, Ripple, host of other services. But then we also added fintechs like Stripe and Robinhood and PayPal, DeFi protocols, Rhino.fi, 1inch. And what we're doing is, and we married that group with about 70 global law enforcement agencies. And those law enforcement agencies are flaggers. So when illicit proceeds are moving in real time, they're flagging that address and an alert, think lighthouse, think beacon, goes out to those exchanges. And when they get that Beacon alert, they're required as part of their membership to block and ultimately work with law enforcement to seize those funds back. So, you know, we're definitely laying out a lot of the issues, like the problems today, but I think that like we could do things differently and better. And you know, you start to combine that with some of these other ideas, right? The offensive cyber, protect the perimeter, you know, use AI in our own workflows to stop bad actors. I think you start to have like a tech-driven response to some of
David Hoffman
this with this perimeter concept that you bring up. How does THORChain fit into that perimeter or break open that perimeter? What do you think about THORChain?
Ari Redboard
Yeah, I think it's a challenge that, I mean part of what works on this network like this is that you have buy-in that, you know, no matter what your views are on centralization or your role in the ecosystem, that when it comes to really bad actors, we need to stop funds from moving off chain. We need to stop bad actors from using these services. I think THORChain has clearly taken a different view of all of that. That said, I think there's probably things that we could all work on together there. You're only going to be as strong as your weakest link. And I think those weak links have always been sort of like, for lack of better, like the non-compliant pieces of all of this. But I will say one thing, when it comes to that, it's like there is no one who's been sort of a more, no community of people that have been more supportive of Beacon than the DeFi community. You know, DeFi Education Fund and others. You know, I've briefed members of Congress with those guys talking about how we can do better when it comes to sort of, you know, compliance and anti-money laundering than we can in the traditional world. Right. If you're a DeFi service that's a member of Beacon, we have a whole bunch today, they're not working with law enforcement, right? That's not the nature of how DeFi works. But what they are able to do is block funds that are going to hit that platform, and the bad actor might go elsewhere. But then what we want to do is we want to follow the money and then onboard that next service where the bad actors go. So my hope is that like we could get as many people on board here as possible to really build the most solid perimeter. But I think the DeFi community, like look, I think at the end of the day it's like you want to solve problems using the technology, not overregulating the space.
Ryan Sean Adams
This is where I sort of don't have it settled in my own mind. And I'm just curious kind of what you think here. Right. So I don't think anyone listening wants North Korea or bad guys or, you know, theft to happen on chain. They want to see the bad guys get prosecuted. And yet oftentimes, I mean, you mentioned like things like Ethereum and Bitcoin being a double-edged sword. You know, if you take something like privacy, that also seems to be a double-edged sword and cut against some of those things that you mentioned, which is being able to track and identify the bad guys. You take something like THORChain and your response seemed to indicate, you know, what you wish was that THORChain would actually participate in kind of the Beacon group and help stop some of this nefarious activity. Right. And that implies maybe that THORChain has some centralization vectors in their protocol in which humans can intervene or inject code or kind of do that. And I'm not actually sure if they do or not. That's kind of, take that as another entire podcast that we could talk about. I do know that there are some protocols where you absolutely do not have that ability. You know, one of which is Tornado Cash for instance, which is a privacy protocol on Ethereum. Right now we have a developer who's in a criminal case in the US about this, Roman Storm. We've talked about that often. Then you also have entire networks like say the Zcash network, which they sort of exist to be an encrypted version of Bitcoin. And there is this move that, like, if you are a crypto user, don't you deserve, don't you want some level of privacy on top of your transactions? And by the way, this is a safety mechanism for legitimate use cases too. It keeps out the corporate surveillance, it keeps out the possibility of, you know, people hacking you or even wrench attacks in real life.
I mean, there's some real civil liberties at stake here when it comes to, you know, moving all of your funds, being transparent and available for the whole world to see. Like, that's not a good steady state either. And so I'm wondering how you feel about some of these. We'll leave THORChain aside, but some of these much more decentralized solutions to just encrypting all of the stuff that you know is on chain in a way that you can't see it, you can't track. I mean, is this just in your mind giving a gift to the bad guys? Do you see some upside here? Like, what would be your take specifically on something like Tornado Cash or Zcash?
Ari Redboard
You know, I love the question and honestly I think it's the most important question that we've been grappling with as an industry over the last, let's say, three or four years. It's interesting. I think the sanctions against Tornado Cash really got this conversation started in a meaningful way years ago. Those sanctions have since been lifted. But 2020, 2021, somewhere in that time frame. Look, I mean, post-9/11 we had this conversation, right, on city streets and in airports. And I think today we're having it across blockchains. I fundamentally believe that in an open financial system, people are going to need and demand privacy in order to transact. None of this works without privacy. I'm not sure I'd say I'm a privacy maxi, but there are very few people who believe more in privacy, in being able to transact privately, than I do or we do at TRM. A couple months ago, we put out a 70-page white paper on privacy, which I encourage folks to read. It's awesome and it really goes into like how to leverage the technology. So I'll tell you just really quickly sort of how I think about this. First, at TRM, we don't associate individuals with their alphanumeric address. We would never say, hey, that's Ryan's address, that's David's address. We associate addresses with really two categories: entities, so lawful entities like Coinbase or Tornado Cash or Uniswap, and illicit activity, terror financing, sanctions, North Korea. In order to get the underlying user information, that individual would have to transact with some type of centralized service and law enforcement would be able to serve a subpoena, lawful process, in order to get that underlying user information. So that's sort of one way I think about this. I don't think we should ever be in a world where we're associating individuals with their alphanumeric crypto addresses.
I think it becomes dangerous when people are associating those addresses with themselves on social media and other places. And I think we, that's when you talk about wrench attacks, that's sometimes someplace I preach about being very, very careful on. The other piece is I think we need to leverage the technology, right? I think the challenge for regulators and policymakers and all of us is how do we stop bad actors from using services like Tornado Cash, but allowing lawful users to use them for the privacy they need for all the things that you mentioned, right? Dissidents, corporate surveillance, humanitarian aid, quite frankly, the US government sending funds to informants in war zones. We need that level of privacy. I think the technology is the solution. And I really lean into Beacon. Beacon is just about tracking illicit proceeds and blocking them and then allowing for lawful process to play itself out. And when it comes to DeFi, Beacon's a great example of, there's, of how you can maintain privacy, right? That transaction is just blocked. If it's illicit, don't let it hit our platform and then they've got to move to the next place in order to transact. So I think the technology is a big piece of this. I think the Canton Network chains, like, it's just, it's, it's just one example now. And I know there's all kinds of interesting conversations around that. That's probably been a show or will be another show too. But it's not just Canton. It's like, hey, should we be building privacy chains that we allow that we build in tools like TRM? Should we be doing private transactions on permission, on permissionless open blockchains, but that we allow some visibility into, from, from, for, for, for money laundering purpose? So I say all of this to say we're thinking a lot about zero knowledge proofs I think could be such an important part of the puzzle.
Just give enough information to let a decision be made about whether an actor is good or bad without giving up all of your PII. So I think there's a lot like I really lean in hard to the technology and definitely not over, over, over regulating the space.
Ryan Sean Adams
I, I do think there are a lot of technical solutions that can give a lot of people what they want. Right? Zero knowledge proofs. There's a, a riff on something like Tornado Cash, you know, people like Ameen Soleimani, I think Privacy Pools, 0xbow, I believe is, is what it's called. And what they're doing is they use a ZK proof to prove that the funds actually aren't OFAC sanctioned. Right. So they don't identify an individual user, but they prove any of the funds that go into this pool from, you know, and that's a good compromise. But I still want to push you on this a little bit, which is just like, let's say you no longer have the ability at all to see any data, no government agents do nothing. Let's say it's a version of Ethereum and privacy maxis actually win on that. And everything on Ethereum has the ability to be completely encrypted without any, what, you know, privacy maxis would say government surveillance or backdoors. All right, you lose this ability completely. It's, it's just like Bitcoin or Ethereum, except everything is encrypted. In fact, Zcash is kind of this model when they move into sort of shielded transactions. What do you think about that? Is that a net good, is that a net bad?
Ari Redbord
It's an interesting world. You know, I, you know, I think when, when we first started TRM or start thinking about TRM, I think one thing we knew fundamentally was that we have more visibility than we're ever going to have. You know, we, we used to talk about like how it was sort of one of these old western towns where the, where you, you could see completely from one end of the town to the other. Right. With that. And I think the vision is that we're going to have more cities. And I think we're starting to see that play out, although it's still early. And by cities I mean where there's actually infrastructure being built in a meaningful way on chain, where you can't see around every corner, where it's going to be harder to have that full visibility. Is that a good thing or a bad thing? I ultimately like am a big believer in the technology and sort of this thing playing itself out. I can't imagine a world where we've built this incredible technology where every transaction is trackable, traceable and immutable and we can't add enough privacy for individual users to feel like they're not putting their credit card statement on chain and yet at the same time ensuring that governments can stop North Korea, can stop terror financing. I'll say this, I mean, I think that this has been such a cool conversation by the way. And just thinking about the ground we've covered, we started talking about North Korea and attacking the DeFi ecosystem. I don't know that any of this works. I don't know that any user is going to put their funds on a service for staking investing their mortgage on chain if we believe that North Korea can attack this ecosystem at scale and steal billions of dollars.
Ryan Sean Adams
Agreed.
Ari Redbord
So I think that it's gotta be a compromise. And the compromise might, it's not about privacy or security. I fundamentally believe you could have both. But the compromise is like we need to be ensuring that we're using the tools to keep North Korea off these platforms. Both. And it's not just North Korea, it's any criminal element. But North Korea is, is, I think is the biggest threat right now when it comes to DeFi. But so my view is just like from a pure market perspective, people aren't going to engage with an ecosystem where they can lose all their money, you know, at the click of a button. And I think we're going to have to figure out how to sort of balance that. But I don't, but, but to be really clear, I don't think it's a security versus privacy balance. To me you could have absolutely both of those things. You know, we've never had a financial system that is anonymous and I don't, I don't believe we should, but we should have a financial system that's pseudonymous. And I think that's why crypto works so well in order to sort of like balance that privacy and security piece.
Ryan Sean Adams
One last question on this, which is respect with maybe a question with respect to, you know, who's responsible for this or where does the liability lie? It's been really interesting to observe the Tornado Cash Roman Storm case. And it seems like the prosecutors, DOJ, Southern District of New York are making the case that he actually, you know, was involved with this and partially responsible for money laundering due to North Korea's actions because he partook in developing this protocol. Then you had last week the acting Attorney General go to Bitcoin, a Bitcoin conference, and say code is not a crime. Non-custodial software developers shouldn't have to sleep with, with one eye open. And there's a question of like, if North Korea uses a protocol like Tornado Cash or if they use DeFi or if they use Ethereum or if they use Bitcoin. Are the developers who made these tools responsible in any way when bad guys use their tools? Have you thought about this? I'm not sure. Does your privacy 70-page paper like cover this? And what do you think the government actually thinks about this? Because on the one hand they're saying things like code is not a crime, but on the other hand they're also prosecuting Roman Storm. And so I think the community is somewhat confused as to what the US Government's perspective on this is.
Ari Redbord
I think there's a range. Clearly, there's, there's really clearly a range. And I, I've been actually surprised with Attorney General Blanche's statements and not just this one. When he was Deputy Attorney General, he also, he made a similar statement several, maybe a couple years ago now. And I thought that would have a huge impact on the prosecution. It clearly has not. And I think they're gonna have to sort of work out where they're really, if they're really landing on is this a policy position and to what extent are U.S. attorney's offices going to sort of need to heed it? My own personal view, I'm pretty aligned with the Attorney General with, with this caveat. And that is we need to make sure the developers aren't conspiring with bad actors in order to launder funds. Okay. So if you're building a decentralized service, non-custodial, for people to use for lawful reasons, then no, you should not be prosecuted if bad actors are using your platform. Okay. But you know, there, there are great examples of this. Helix, which was a Bitcoin mixer that was being advertised by a guy named Larry Harmon on AlphaBay saying, hey, this is the perfect place to launder all these drug proceeds that you have on this darknet market. No, like, no, that is over.
Ryan Sean Adams
Like Kim Jong Un can't be your target user.
Ari Redbord
Yeah, yeah, yeah, that's exactly right. You know, people may disagree with this, but Bitcoin Fog, similar circumstances. Okay. That, that, that service was actually conspiring on darknet markets with bad actors in order to launder funds. This is Tornado Cash is different. And that's what, and that's what's always been such an. Why this has been the most interesting question in my mind, maybe for you guys too, in my entire time in this space, because I think there's a challenge. How do regulators stop North Korea from using a service to launder billions of dollars and yet at the same time allow lawful users the opportunity to do it. I don't think we go after builders who are literally just building tech or just building or just writing code. But at the same time, you know, I think a strong prosecution in this case, there would, there could potentially be emails saying, hey, we don't care. We're going to keep doing this. We see the funds going through. We want our service to be a place that is known for this. I haven't seen any of that type of evidence come out, but to me that's the type of evidence you would need to really prosecute a case like this in a meaningful way. Intent, criminal intent. I mean, that's, that's, you know, that's, that's what our system demands. So if you have criminal intent, I don't care what you're developing, you shouldn't, you, you should be potentially prosecuted for money laundering, conspiracy. That's different than some of these other money transmitter laws that I think also have folks concerned. But as a, just a pure, from a pure criminal standpoint, I'm most concerned with the money laundering conspiracy piece.
David Hoffman
We'd be remiss to not talk about some of the, the biggest current events that are happening at the time of the recording, which is.
Ari Redbord
Have we not what.
David Hoffman
Even, even more. Even more. There is a lot going on. I'm sure, I'm sure you've probably been the most busy that you've ever been with, with just like North Korea, the Lazarus Group always being persistently active. But with Operation Economic Fury out of the White House, I think there's probably also something to talk about with Iran's use of just crypto in illicit ways. Just two weeks ago, $344 million of USDT on Tron was frozen. We mentioned that. We're, I think we're all kind of confused about why they were using Tether on Tron, but maybe that's a different question for a different day. One of the big things that happened here was OFAC directly named the Iranian Central Bank, a central bank controlled wallet on the SDN list. And so like just in the same way that like, you know, North Korea's Lazarus Group, these aren't like, you know, proxies. This is North Korea itself. We actually like sanctioned an Iranian Central Bank crypto wallet. So unprecedented. Can you talk about what it was just like to be in your shoes during a lot of this activity? I think you guys are on just the front lines here. You guys have a lot of the data. What's Operation Economic Fury, like from TRM's perspective?
Ari Redbord
Yeah, no, absolutely. You know, it's interesting, it goes to sort of what Ryan and I were just talking about to some extent in that this is an only in crypto story, right? You're not seizing 344, 344 million of fiat from Iran. You may sanction the central bank which has been sanctioned for years, their entire financial sector is sanctioned. But actually enforcing those sanctions and getting back funds, that's an only in crypto type story. And you know, it's interesting you mentioned like that we're particularly busy, you know, over the last bunch of years. You know, every geopolitical issue, every major geopolitical issue in the world, everyone wants to know what is the crypto nexus. So Russia invades Ukraine. It's how is Russia going to use crypto to evade sanctions? Hamas attacked Israel on October 7th. It was, how is Hamas funding its operations using crypto? And this is the most recent example, but I think there's a fair amount to say. And that is a couple of years ago you would see IRGC sort of one-off transactions, right? Hey, we, we have some funds, we want to send them, we want to try to off-ramp them. Israel actually seized about 100 addresses associated with IRGC a year or so ago. We've seen a shift. And we wrote a piece on two UK registered exchanges, Zedcex and Zedxion, which actually ultimately were sanctioned after we wrote our report by the U.S. Treasury Department. And essentially to me that actually showed a bit of a playbook. And that is instead of just one-off transactions, Iran was using crypto infrastructure at scale. They basically were using these two exchanges to launder a billion dollars through, through them. So it wasn't just like, hey, we're going to send money, it's we're going to actually essentially use these as shell companies. At one point, you know, I want to say almost 80% of all transactions through these exchanges were IRGC related. So I think we see that.
And then the Central Bank of Iran is sort of just the latest example where we see essentially Iran's central bank, you know, spinning up crypto addresses and trying to move funds that way in order to circumvent the U.S. financial system. There's, there's, there's a couple other examples like this recently, what we're seeing with this, with Iran, this reporting, which I struggle with a little bit around the Strait of Hormuz. Is Iran going to collect tolls in crypto? Yeah, I haven't seen any really significant evidence of that. And we've been looking everywhere we possibly can on chain, but the fact that Iran is trying to experiment with that just shows that, like they're trying to do anything they possibly can. There was a report, there was a report today in the Wall Street Journal about the financial facilitator, a guy named Larjani that we actually name in our Zedcex report, who actually was released from a death sentence, I think in prison 10 years ago or something in Iran, because he's so good at money laundering and he has essentially discovered crypto. So he was the one behind Zedcex, possibly behind these central bank transactions, and he's the go-to money laundering launderer for, for IRGC. So I say all that to say that I think like, you know, we started with Iran, I'm sorry, we started with North Korea, we could go just as deep on Russia, to be honest. And now with Iran, we're seeing nation state actors really think through how to build crypto infrastructure. Not just like, hey, we're going to send some funds to, to this wallet address that we spun up.
David Hoffman
The tension that I feel might, might be there is that crypto offers the good guys, you guys, the State Department, the FBI, a lot of capabilities and information and power to get some funds back. You know, as you've been underscoring this entire podcast, like, only in crypto do we actually recover funds so directly from any of these state actors that stole it from, from, you know, innocent people. And I remember one of the reasons why the whole CZ Binance vs Department of Justice story was such a big story was because CZ was looking a blind eye, I think, towards IRGC and Iranian money laundering through Binance. Well, now, now Binance has been brought to heel, you know, now Binance is kind of like inside the fold of the people who are providing data to the good guys, to the government. And so crypto seems to be like, as you've been saying, establishing a pretty strong perimeter around these state actors. But nonetheless, the state actors continue to use them. And so clearly crypto is benefiting the state actors in some particular way, despite how strong our capabilities are, the good guy side of things. Square this for me. Like, why, if, if crypto is being such a good tool for information for, you know, the FBI and OFAC and all this, how come, you know, Iran and North Korea and China and Russia and all of them, how come they're still using them? It seems like it's not actually good territory for them to do their operations in.
Ari Redbord
Yeah, look, I think it's, it's, it's interesting, right? You know, the promise of cryptocurrency is cross border value transfer at the speed of the Internet. And the reality is that like for all the reasons it's such a transformative technology for remittances, for humanitarian aid, for payments at scale, bad actors all want to use it to move funds faster and in larger amounts than ever before. The difference is that we now can track and trace those funds. So the reality is that it's always going to be this cat and mouse game that has always existed between law enforcement, right? Bad guys can now move funds faster and in larger amounts than ever before and law enforcement now is going to need to track them. I mean, I think bad guys have always been early adopters of transformative technology. And I think we're in that moment right now with crypto and maybe even more recently, AI. One of my favorite stories is that in 1908 the Model T rolled off the assembly line and in that same year we created the Bureau of Investigation, which is the modern FBI. Because policing had always been a local issue, right? But all of a sudden bad actors can move cross border, cross state lines at unprecedented speed and scale. Think Al Capone and Machine Gun Kelly and Bonnie and Clyde. And we need to create a national police force in order to run them down. I think we're seeing that now, right? It's just a new technology that bad guys can now move funds faster than ever before. And it's a bit of this cat and mouse game, this whack-a-mole that prosecutors talk about. But at the same time I think that bad guys are going to improve their technology and so are the good guys.
Ryan Sean Adams
One thing I just want to clarify is, you know, David's framing in terms of bad guys and good guys. You know, it may not always be the case that your government is the good guy. And this is the entire reason we have the Bill of Rights and the Constitution and civil liberties and things like decentralized technology like Ethereum and Bitcoin is because when the government actually becomes the bad guys, you need freedom tools to resist their badness. And you know, so far we, we, we, we've talked in terms of good guys and bad guys. I just want to make it clear that the entire purpose of this technology and this movement is to have the freedom to escape centralized authorities when, as they become bad guys and as they move across that spectrum. One question I wanted to ask you about the Iran case and the IRGC specifically is why in the world they were using Tether and Tron? Because it seemed incredibly obvious in 2026 that they're just asking to get their assets frozen. And if their next maneuver is just going to be to do the thing that North Korea does, which is move their assets to something like Bitcoin. And then if they move their assets to Bitcoin and they accept the volatility, I mean, less volatile than their local currency, we might point out, much less volatile. What do nation states do as a reaction to that? So the U.S. government is the most powerful nation state in the world. I was very interested in this exchange between a Texas Republican who asked the Secretary of War, Pete Hegseth, about Bitcoin, framing it as kind of a, a matter of national security. Does he think so? And he said, yes, I do think so. And then he added this. A lot of things we are doing, enabling it or defeating it, he's referring to Bitcoin, are classified efforts that are ongoing inside our department. This was kind of interesting to me, the, the idea of defeating something like Bitcoin.
And it just struck me last week that this could be the moment that cryptocurrency networks like a Bitcoin or an Ethereum are tested in ways that they haven't been tested. I mean, part of the purported value of this technology is that they have sovereignty and decentralization and nation state grade level security. And I kind of wonder if they will actually pass this test or not. And what Hegseth might mean when he's talking about defeating something like Bitcoin. So say the IRGC keeps their next $350 million in assets in Bitcoin on the Bitcoin network instead. Does the Department of War have a way to defeat that, to access that? Is that maybe what we were talking about earlier in our conversation? Like, what do you think about this?
Ari Redbord
Yeah, that's interesting. I quite frankly don't know what he would have been talking about necessarily with that statement in terms of the defeating piece. When someone says something like that to me, and I am not an expert on quantum and I do not play one on TV, so that might be a really cool conversation for the show at some point, but I would say that's where my head goes immediately to that type of technology, as opposed to the way I think about it and I think about how do we harness the technology, how do we use open, permissionless blockchains in order to, do, you know, to, to, to, to go after bad actors, how do we create that perimeter to keep the funds from going off chain for the use of weapons proliferation. How do we go after Chinese money laundering networks? Right. So that, that, that's an interesting one to me. That's an interesting one to me in terms of, of beating the technology and I am not sure where, I'm not sure the origin.
Ryan Sean Adams
You're not aware of any kind of classified super secret way that the US government has to defeat Bitcoin in some way?
Ari Redbord
I don't think I'm. These days, I am not privy to any of that type of.
David Hoffman
If he told you, he'd have to kill you.
Ari Redbord
If I told you, I would have still been in the government. I think that I'm long done with that life. But I would say that like to me it's always just like, hey, how do we harness the technology? And quite frankly it's more and more AI too. You know, I think AI plays a huge role in the way we can supercharge a lot of these operations. But in terms of like defeating the tech itself, it's like, no, we need to defeat the adversary. And that's what I just like, I always come back to that, right? Like what are we doing to go after the Central Bank of Iran, right? I mean literally I mentioned North Korea hacked the Bank of Bangladesh years ago. Like, let's hack the Central Bank of Iran, let's take the money. Right? So I think that, that that's really how I'm thinking about it always is going after the bad actors. And I was actually, I was a little discouraged even on Twitter, which I should not spend as much time on, or X. You know, there was a lot of, there's. The conversation was entirely around what Drift should have or could have done or Kelp could or should have done. And there's plenty, right. And I, I think bringing in cyber from, from day one is absolutely critical. But my focus was, was immediately on let's go after North Korea, let's go after Iran, let's go after Russian cyber criminals.
Ryan Sean Adams
That would be so cool. I gotta tell you. That would be so cool.
Ari Redbord
So if it happens, you know, or you keep hearing about cyber letters of marque. Chris Perkins is awesome on this. Chris Giancarlo's written on this. This is not me being a crazy person talking about pirates. Like, I think there's some real. I know Tavano, there's, there's a whole handful of other folks that are very supportive of this idea and yeah, I'm excited about the prospect of it.
Ryan Sean Adams
Okay, so as we wrap this up and bring this to a close. So as I mentioned at the outset, April was DeFi's worst month. Maybe over 600 million in hacks. I don't know about total volume size, but just in the number. There was one hack every 27 hours. Okay, so basically a daily occurrence. And one has to think AI is just speeding up and accelerating the efforts of these incredibly talented North Korean hackers. It seems like, I mean, they are winning right now. So what does DeFi do? Just maybe summarize this. If you are addressing everybody in the crypto space, who cares about it. We just had a DeFi United campaign and it was fantastic. It was a coming together of all of decentralized finance and they were trying to make the Kelp DAO asset whole, rsETH. And they did that. They raised, you know, 300 million in commitments. That was fantastic. And I just couldn't help but think like, as great as this is and as fantastic as this is, if this happens every month, like we're not going to last. Okay? Like this can't happen again, can't happen many more times. And so in addition to DeFi United being about kind of getting rsETH claimants whole, we also have to have a DeFi United for securing our space. What recommendations do you have? Like how does this get better and if there is a happy case here, what do you think it looks like?
Ari Redbord
Yeah, no, it's a, it's a great question. I'm not familiar with DeFi United, but I love this concept because I think that's where we have to go and it should be more than kind of paying back lost funds. I'm not naive enough to think we're going to have standards anytime soon for sort of DeFi protocols or developers. But I do believe that we could come together as a community and agree to best practices. Years ago, after Colonial Pipeline, the White House actually brought together a community of businesses, the largest businesses in the world, and started talking about here are 10 bullets for what good cyber hygiene, cyber controls can look like. I think we need to do that for DeFi today, whether that's through this group or whether it's through something else. So it's not, it's, it's best practices, but agree and align to them. I hope part of that is being involved in an information sharing, interdiction disruption type network like Beacon. So on the defensive side, I think it's a combo of like building out Beacon plus really, really getting granular on what DeFi protocols can build from the ground up from, from a cyber defense perspective.
David Hoffman
I know crypto in some ways has presented challenges towards the State Department and investigators just because of the way that it is. But as we've underscored throughout this entire podcast, it also gives them some tools and some assets and information that they didn't, that they don't have in the trad financial world. Do you think these, the state, you know, FBI, CIA, OFAC, Treasury, do you think they are actually kind of pro moving on chain in the sense that let's get all the people on chain because it's actually a better substrate for us to do our job if more of global finance moves on chain. Do you think they think that?
Ari Redbord
I do. I also think there's a certain inevitability around it. What's interesting to me, and I think that this is a very this moment state, every major law enforcement agency, many in the world, but certainly every U.S. federal law enforcement agency, think FBI, IRS-CI, DEA, Secret Service, Homeland Security Investigations, they all have a cadre of investigators who are sort of power users of TRM, who have all the tools and the training and the true experts. I think there's. I believe, I think you guys do too, that there's inevitability about this space. Right. Just in the last year with institutional adoption and so much happening and we see more activity moving on chain that means like, it can't just be a cadre anymore. It has to be like every investigator has to have the capabilities because every crime is a financial crime. And that means every crime is going to involve crypto in one way or another. So my view is that like, yes, but they don't have the resourcing necessarily today that they need if that's the direction we're headed in.
Ryan Sean Adams
As much as I don't like North Korea and I appreciate the work that you guys are doing to catch the bad guys, I got to say, I don't know how encouraged I feel that the CIA and FBI wants us all to come on chain. Okay. So I will voice that at the end of this podcast. That trust definitely needs to be earned there. But Ari, thank you so much for joining us today and telling us all about what is going on in crypto and for your work to catch the bad guys. We appreciate it.
Ari Redbord
Hey, love joining you. Thank you for the conversation.
Ryan Sean Adams
Gotta let you know, Bankless Nation, of course, none of this has been financial advice. Crypto is risky. You could lose what you put in. But we are headed west. This is the frontier. It's not for everyone. But we're glad you're with us on the Bankless journey. Thanks a lot.
Podcast: Bankless
Episode Date: May 11, 2026
Host(s): Ryan Sean Adams, David Hoffman
Guest: Ari Redbord (Global Head of Policy at TRM Labs)
In this episode, Bankless hosts Ryan Sean Adams and David Hoffman dive into the growing threat of crypto-enabled crime, with a particular focus on North Korea’s state-sponsored hacking groups. Together with Ari Redbord—an expert on illicit finance and former DOJ national security prosecutor— they examine how North Korea has professionalized and scaled cybercrime to fund weapons proliferation and regime stability, how their tactics have evolved, and what the crypto space (and the world) can do to fight back. This episode covers the anatomy of recent hacks, money laundering mechanics, the effectiveness and limits of current countermeasures, and deep ethical quandaries about privacy, regulation, and the future of blockchain security.
[00:00, 02:10]
Quote:
“This is a country with absolutely no economy whatsoever, and yet they're competing on the global stage because they've professionalized cyber crime.”
— Ari Redbord [00:24]
[02:15, 07:49]
Memorable Moment:
North Korean proxies met Drift developers at conferences, built relationships, and even made a fake investment to gain access—akin to nation-state espionage “sleeper cell” tactics.
[05:10-07:49]
Quote:
"North Korea could get Westerners essentially to do their bidding."
— Ari Redbord [06:39]
[07:49, 12:06]
[12:06, 15:13]
Quote:
"This is not a situation where you have China or Russia where there are maybe groups where the government turns the other way. This is...the army.”
— Ari Redbord [13:40]
[15:13, 20:39]
[20:39, 24:34]
Quote:
"If North Korea steals $285 million from Drift, we need to go steal it back...It looks like offensive cyber."
— Ari Redbord [23:21]
[28:47, 35:09]
Quote:
"We need a victim compensation fund. We need to have a way where we can do this and do it at scale."
— Ari Redbord [35:09]
[37:57, 43:31]
Quote:
"There’s no TRM to track and trace ... art and real estate. What we now are able to do here, because every transaction is logged ... we can do this much better."
— Ari Redbord [42:42]
[45:41, 54:32]
Memorable Moment:
"If you look on chain at cartel activity, North Korea hacks, and these pig butchering networks, you see wallet addresses being used in all three ... that we associate with Chinese money laundering networks."
— Ari Redbord [48:19]
[52:40, 56:26]
Quote:
"My hope is that we could get as many people on board here as possible to really build the most solid perimeter."
— Ari Redbord [55:23]
[58:03, 65:42]
Quote:
"None of this works without privacy...But at the same time ensuring that governments can stop North Korea...I fundamentally believe you could have both."
— Ari Redbord [67:21]
[68:16, 72:30]
Quote:
"We need to make sure the developers aren’t conspiring with bad actors in order to launder funds. ...If you’re building a decentralized service ... for lawful reasons, then no, you should not be prosecuted if bad actors are using your platform."
— Ari Redbord [69:36]
[72:35, 77:14]
[77:14, 80:19]
[80:19, 84:28]
Quote:
"I can't imagine a world where we can’t add enough privacy for individual users and yet at the same time ensure that governments can stop North Korea..."
— Ari Redbord [65:42]
[85:59, End]
Quote:
"As great as [DeFi United] is ... if this happens every month, we’re not going to last ... we need a DeFi United for securing our space."
— Ryan Sean Adams [86:01]
This episode is essential listening for anyone interested in the intersection of crypto, global crime, privacy, and policy. It provides a sobering but pragmatic roadmap for what the crypto sector—and the world—must do as nation-state hackers up their game. The arms race is far from over, but new, collaborative defenses are emerging—and the future depends on finding the right balance between freedom, security, and innovation.