Swap Around and Find Out: The New Rules of International Digital Economic Warfare

August 15, 2025

Adam Zarazinski and Bruno Faviero

On Feb. 21, 2025, North Korean state hackers linked to the Lazarus Group pulled off the largest digital theft in history, stealing around $1.5 billion worth of Ethereum from a cryptocurrency exchange called ByBit. It remains the biggest digital hack ever recorded in terms of value stolen, and the most audacious operation yet from Pyongyang’s cyberwar arsenal.

This wasn’t a routine theft. It was a strategic strike. Lazarus hackers exploited a compromised multi-signature approval system to hijack Ethereum during a scheduled wallet transfer, quickly converting and scattering the funds to avoid detection. For North Korea, it wasn’t just about profit. It was about weaponizing cryptocurrency in a global geopolitical contest, where the underlying payment networks and infrastructure that move money between financial institutions double as weapons systems, and code is a tool of coercion.

Cryptocurrency, once just a niche financial curiosity, is now at the forefront of economic warfare. For the national security community, the challenge is to recognize that crypto will only grow in importance as a channel for moving value globally and to develop new ways of generating intelligence and taking action. In this arena, year-long investigations and slow-moving cases will no longer keep pace with the threat. This latest Lazarus hack brought that urgency into sharp focus earlier this year.

In an era when financial networks and digital infrastructure are contested terrain, the old divide between government and industry capabilities no longer works. Meeting the speed and scale of today’s threats demands public-private partnerships built for active engagement — not just contracting or intelligence sharing. We have a commercial interest in this, of course, but the precedent exists: centuries ago, sanctioned privateers extended a nation’s reach far beyond its own fleets. A modern, digital form of that partnership could do the same in cyberspace, disrupting illicit networks before they can move or hide their gains.

How Cryptocurrency Works and Why It Matters in Geopolitics

Cryptocurrency is a form of digital money that operates on decentralized networks, called blockchains, which allow users to send, receive, and store value without relying on traditional financial institutions — commercial banks, central banks, or financial services companies. Instead of being issued like fiat currencies by central authorities, cryptocurrencies like Bitcoin and Ethereum are maintained by distributed computer networks that validate and record transactions publicly. To access and manage crypto, users typically rely on platforms called exchanges, which act as on-ramps and off-ramps. Exchanges allow users to convert between cryptocurrencies and government-issued currencies like U.S. dollars, or swap one digital asset for another. While many exchanges follow regulations and conduct identity checks, others operate with little oversight, creating havens for illicit finance and turning otherwise neutral digital infrastructure into tools of geopolitical consequence.

North Korea Moves Funds Through eXch

The funds stolen by North Korea were funneled through a platform called eXch, a self-styled “no-know-your-customer” (no-KYC) service that, unlike conventional cryptocurrency exchanges, operated more like a “crypto mixer.” This means that rather than enabling trades between crypto and fiat currencies, eXch pooled deposits and redistributed them across a web of wallets to obscure their origin. Its homepage proclaimed “Privacy is not a crime,” tapping into the libertarian ethos of the crypto world. But that posture, while appealing to privacy advocates, also made eXch a magnet for threat actors, including hostile state-backed groups seeking to launder massive volumes of illicit funds without scrutiny.

The crypto community pleaded with eXch to freeze wallets linked to the ByBit hack. The platform’s operators refused, brushing off concerns as “FUD” (crypto slang for fear, uncertainty, and doubt) and claiming that the community’s anti-money laundering data was simply “outdated.”

Then, on April 24 of this year, the pseudonymous administrator of eXch, known only as “Johann,” posted a brief shutdown message. It read: “We are the subject of an active trans-Atlantic operation. Friends in the intelligence sector advised immediate closure. Goodbye.” Two weeks later, German special agents kicked in eXch’s door and seized its European servers. What happened? What was the “active trans-Atlantic operation” and why the sudden change of heart?

Unconventional Tactics for Modern Threats

Traditional U.S. financial crime tools such as grand jury subpoenas, mutual legal assistance treaty requests to foreign governments, and lengthy asset-forfeiture proceedings were never built for an era where a single mouse click could direct billions towards an adversary’s nuclear budget. Today’s financial crimes buy warheads, not yachts.

The U.S. government knows this and is adapting. The old playbook — raid the boiler room, seize the servers, wait for a grand-jury indictment — is hopelessly slow against adversaries who can move in minutes. As a result, the Department of Defense (with some private partners) is quietly pivoting, ditching the white-collar toolkit, reframing the problem as a national security threat, and then responding in kind. Tucked into the 2024 National Defense Authorization Act was the guidance: Treat illicit financial flows as strategic economic aggression. The whole national-security apparatus, not just Treasury’s Financial Crimes Enforcement Network or the Securities and Exchange Commission, should lead the fight.

The Treasury Department and the National Security Agency are now co-located on crypto threat desks, pairing financial expertise with cyber intelligence. U.S. Special Operations Command now treats high-risk crypto mixers with the same operational planning it applies to a terrorist organization’s infrastructure. Risk intelligence firms like Inca Digital fuse AI models, social media analysis, and blockchain data to identify bad actors. Instead of drawn-out subpoenas, the first knock on a rogue exchange’s door might be from someone other than the police.

The message is clear: If you launder for a U.S. adversary, you’re no longer a compliance problem. Instead, you’re a national security threat, and the response might be from a special operations unit rather than through diplomacy.

Digital Economic Warfare

Economic power is one of the four traditional instruments of national power: diplomatic, informational, military, and economic. For decades the “E” in the power toolkit sat mostly idle compared to its “DIM” peers. America flexed its muscle through raw force in World War II, Vietnam, and Korea, then leaned on intelligence and information and digital warfare throughout the 1990s and 2000s.

Today, economic power remains relatively old-school: imposing sanctions, levying tariffs, and intercepting international wires. Now, though, internet money has welded software to capital, re-imagining economic power as the ability to transport billions of dollars from retail wallets to nuclear arms programs in seconds.

Every era rewires the tools of power. The world went from prop-driven fighters to supersonic jets, then to satellite-guided drones that can strike from miles away. Economic warfare has followed a similar staircase: 19th-century blockades starved ports; Bretton Woods and the dollar standard let Washington throttle entire economies without firing a shot; Society for Worldwide Interbank Financial Telecommunication (SWIFT) exclusions in the 2010s turned the underlying payment networks and infrastructure in banking into geopolitical tripwires; and freezing Russia’s central-bank reserves showed that even sovereign vaults weren’t off limits. Now the new payment networks and infrastructure in crypto introduce the next inflection point and a new way to move money at light speed or, when targeted, be flash-frozen mid-transaction. Each technological jump collapses distance, shortens decision loops, and widens the gap between those who adapt and those who fight the last war. Lightning-fast financial rails with a lightning-fast response: No subpoenas. No headlines. No negotiations. Swap around and find out.

Long before badges showed up at eXch’s European servers, the takedown was already in motion. The U.S. national security apparatus had likely made clear, through channels far more forceful than polite blockchain community requests, that consequences were coming.

eXch isn’t the only recent example. In June, Iran’s largest cryptocurrency exchange, Nobitex, was infiltrated and compromised in what was assumed to be a politically motivated operation. A hacker group known as Gonjeshke Darande (Predatory Sparrow) claimed responsibility for the attack. The group sent over $90 million in various cryptocurrencies to “vanity addresses,” which contained public keys with anti-Islamic Revolutionary Guard Corps messages embedded within them. The operation took place amid broader cyber attacks targeting Iranian financial infrastructure, such as state-owned Bank Sepah.

Crypto Gets Taken More Seriously

The battle lines have shifted: What once prompted regulatory inquiries now triggers targeted operations. For the 99 percent of builders trying to innovate, this is a lifeline: bad actors draining liquidity and trust are finally meeting consequences.

Policymakers should begin building dedicated capabilities to address fintech and cryptocurrency as they become increasingly important features of geopolitical competition — a shift the Department of Defense has already signaled with the creation of its Economic Defense Unit. Even so, government responses will inevitably lag the pace of innovation, making it essential to explore more adaptive models. History offers precedent: During earlier eras of maritime conflict, privateering gave state-sanctioned private actors on the high seas a direct role in disrupting adversaries’ operations. In the crypto era, a digital form of privateering could enable private sector participants to act decisively against illicit networks, not just provide intelligence. This idea may seem unconventional, but in an environment where adversaries weaponize financial rails at machine speed, unconventional tools deserve serious consideration.

Crypto still loves its inside jokes — dog coins that moon, pixelated apes in sailor hats, we’re all gonna make it, buy the dip. But as the bull market comes back, the ground beneath is shifting. Defense analysts now watch block explorers the way radar technicians scanned the skies, and hostile regimes see magic internet money as digital enriched uranium: a key ingredient for their aspirations. What started as a playground for financial innovation is now treated as strategic terrain by world powers. The gap is widening: What you see as building the future, others may see as a national security node — and they’re preparing as such.

Adam Zarazinski is Chief Executive Officer of Inca Digital, a fintech intelligence firm that supports financial institutions, the Department of Defense, and other U.S. government agencies.

Bruno Faviero is the Chief Executive Officer of Magna, a digital asset management company that manages digital assets for crypto-native clients.

Image: Midjourney
