THEOS Cybernova
THEOS CyberNova is a cutting-edge podcast that explores the dynamic world of cybersecurity, hosted by THEOS Cyber CEO Paul Jackson.
Each episode delves into the latest trends, challenges, and innovations shaping the cybersecurity landscape, featuring insights from industry experts, thought leaders, and technologists. Paul brings his expertise and passion for cyber security to engaging discussions on topics ranging from emerging threats and data privacy to the future of AI in cyber defense.
Whether you're a professional in the field or simply curious about staying safe in the digital age, THEOS CyberNova offers an invaluable insight into the world of cybersecurity.
Jussi Aittola: The Truth Behind Crypto Recovery, Scams, and Nation-State Attacks
What if stolen crypto is not gone forever? In this week's Cybernova episode, Paul Jackson speaks with Jussi Aittola, Senior Partner and Country Head at Sphere State Group in Singapore, about the real mechanics of modern crypto crime, from industrial romance-investment scams to a 20 million dollar wallet breach linked to a nation state.
Jussi explains why crypto recovery is more possible than most assume and how bridges, mixers and automated laundering scripts still leave a trail for skilled investigators.
A sharp and eye-opening look at digital asset investigations for cybersecurity and DF/IR teams across APAC.
Production Credits:
Presented by: Paul Jackson
Studio Engineer & Editor: Roy D'Monte
Executive Producers: Paul Jackson and Ian Carless
Co-produced by: Theos Cyber and W4 Podcast Studio
This week on the THEOS Cybernova podcast.
SPEAKER_01:Crypto is uh recoverable. It is difficult, uh, not impossible. I have lost money to crypto hacks. 100% they're the full-run companies, they have the leaders, directors, just like in any other business company, and and they make uh hundreds of millions of dollars. Cryptocurrencies they give you an unprecedented transparency compared to traditional finance.
SPEAKER_00:The THEOS Cybernova Podcast, hosted by Paul Jackson.
SPEAKER_02:Welcome to yet another episode of THEOS Cybernova Podcast. In season two, I'm delighted to welcome to the show Jussi, and I'm not even going to try and pronounce your surname, but uh Jussi, uh, thanks so much for joining me all the way from Finland. Oh, wait, not Finland, but you're in Singapore nowadays, right? Yes, that is correct. Thank you so much for the welcome, and thank you for having me, of course. Oh, it's a it's a real pleasure. I've only got to know you fairly recently, and uh and yeah, I've uh you know seen that we have quite similar backgrounds.
SPEAKER_01:Um you uh ex-law enforcement, right? Did a stint over at uh National Bureau of Investigation in Finland, uh based in the FIU and in criminal intelligence. So yeah, law enforcement, FIU, so combined of like investigations and financial intelligence and criminal investigations. So very interesting path to that led me here where I'm today in Singapore. Right.
SPEAKER_02:We'll talk a bit more about that as we go through the conversation today, but I'm gonna start by asking the golden question that I always get asked when when crypto scams or crypto hacks take place. Are the assets recoverable? Because the general consensus is that once you've lost your crypto, it's gone and there's no chance of getting it back. So what's the what's the truth?
SPEAKER_01:Uh well, it's a very, very good question. And unfortunately, there is no simple answer to it. But yes, crypto is uh recoverable. It is difficult, uh, not impossible. It depends on so many different like integers in the in the mix, like how many spoons there is in the soup as said. So speed of the uh recovery efforts, uh, the quality of the evidence you have, cooperation public and private, and and of course the public and private plays a very big role uh in in criminal investigations, as many of the frauds are are like uh related to investment frauds. Uh, I would not like to say pig butchery scam because it's called more of uh romance investment scams nowadays, based on new terminology, but business disputes and so forth. Crypto is difficult to recover, but it's recoverable. And with the help of many of the industry players, uh it has been uh made a little bit easier than it used to be.
SPEAKER_02:That's fascinating. And I I I'm really looking forward to digging into that a bit more with you later in this conversation. But I'm gonna start by just asking, uh, going back to what you just mentioned about being in law enforcement, what what made you make the move to the private sector and how the hell did you end up in the crypto space?
SPEAKER_01:Well, the crypto space, how I ended up there was actually I first landed in the crypto space and then law enforcement. But my back in my background, uh I used to work very closely with the public sector, anyhow, doing security, doing uh like reservice stuff and and so forth. And uh then the opportunity came uh before the 5AMLD uh in the Finnish NBI that they were looking for a crypto expert who can help them to build a 5AMLD. Uh like it was going to the European Parliament at the time, so the 5AMLD directive, and of course, after that, also the implementation of local legislation into Finnish law once the 5AMLD comes into force in Europe. But how it happened, they really, really needed crypto uh training and stuff like that in the police, so kind of wandered off also doing uh criminal investigations and so forth. But all in all, my crypto background started almost 16 years ago, next year 16. Yeah, incredible journey. Uh, I've been in criminal investigations 10 years. And yeah, so I started as a hobbyist, you know, uh playing around with mining, doing Bitcoin mining, even with my laptop back in the days was profitable. So it was quite interesting and like working in the securities, cyber investigations, cybersecurity. I already lived in Thailand when I was younger, doing government cyber and government cybersecurity. So kind of all things came into a place when they were looking for somebody who had expertise in the field of crypto, and and and of course, that's how I ended up in the police. But like all in all, the 15 years, I'd seen quite a few ups and downs on the in the industry and bear and uh bear and bull markets uh on and off. Yeah, so look, I'm intrigued. Do you really need to work? You must be a crypto billionaire by now. Everybody needs to work, you know. Uh it would be boring without doing something you are passionate about. And like being so long in the industry. 
I have been personally uh I have lost money to crypto hacks, and and I have also been investigating quite a few. I've been uh probably scammed a few times, and and like making the industry safer for all of the user is uh something that I'm quite passionate about. So uh being able to recover, help victims of crime is of course an amazing opportunity. And how I ended up in the private sector was of course I started to work with Chainalysis and was head of investigations there. So very closely uh working with the police and supporting them in investing their investigations, training them how to investigate, seeing the actionable results, uh how how they succeed in cases and how they learn. So I'm quite passionate about uh helping the industry and helping different like agencies and people to uh investigate uh crypto-related incidents.
SPEAKER_02:Well, that that you know, the your admission there that you've also been victim of scams and frauds uh must actually give some comfort to those who are listening who've also fallen victim uh in some form, because it's not easy, is it? Yeah, uh I mean, you know, some people say, well, how could you be so stupid to fall victim to a scam? But these guys are clever, aren't they? The the the fraudsters, the criminals. Super clever, right?
SPEAKER_01:Yeah, well, in my case, it was like not so much about like investment or or that kind of fraud or just playing up scam, which is of we we have this scamdemic, as they say. Uh, but like in my case, it was like back in the days I was actually uh acquiring crypto miners, and this one company came up with new product. I invested a small amount, but the product never delivered, so it was kind of a fraud the whole thing. Uh, some of the people who have been in the mining industry longer remembers maybe Butterfly Labs, uh, when they were doing their first uh FPGA miners, there was a sudden spike in the Bitcoin mining like efficient or the Bitcoin mining difficulty, which kind of give people clues that maybe they're using those miners before shipping. And later on, it actually turned out to be true that they use the miners themselves that they funded with people's money to develop to kind of build out uh their machines to like mine themselves some uh bitcoins and and so forth. So, yeah, uh there's all kinds of scams when you come to like unregulated kind of money, as I very loosely would say it's unregulated money still, but like there's different like scenarios and and like victimizing, of course, is the worst thing that can be done. And that's why I also like why in the poll wanted to say uh like send a message that we shouldn't use in victimizing terms when people fall for different kinds of uh frauds or scams, because that always makes the barrier to report higher. So yeah, anybody can fall for a victim and and the people just unfortunately fall for different kinds of, let's say, frauds and scams, uh a little bit without thinking where they're putting their money. They just see the high returns and high high investments that they can make a lot of money on and make hasty decisions without doing proper research.
SPEAKER_02:Yes, I think you're right there. That you know, obviously we both worked in law enforcement and victim blaming is never the answer. Um just gonna pause a second there and just say to uh anybody listening at the moment who's enjoying the these conversations to uh like and and subscribe our podcast because uh it does make a difference and it gets out to more people that we're able to help and to advise. So uh please do click that like or subscribe button. We promise it's not a fraud. But uh let me go back to a point you just raised about working with law enforcement. Because that's critical, isn't it? We can't do this alone in the private sector, and we need to collaborate. And this I know it's a cliche, the public-private partnership terms, but I get asked at conferences quite a lot that uh why is it that law enforcement seems so helpless when it comes to investigating crypto frauds and and thefts? And uh the general consensus is that law enforcement doesn't seem to really care, you know, because it's a it's an overseas problem, or you know, uh the the success rate of investigating it is so minimal or so low that it impacts their overall metrics of you know success in in policing. Uh what are your thoughts around law enforcement and their capabilities and their effectiveness?
SPEAKER_01:Yeah, that's a very good question. You you also come from law enforcement, so you'll understand when you have 200 plus digital asset cases on your table, you just don't have the time to investigate every single second something moves or something is transferred. There's just the backlog uh is so big, uh they're overwhelmed. MLAs take years to go through the system, so mutual legal assistance requests, they go always through the justice departments and and so forth. Uh, luckily for me, when I was in law enforcement, I was stationed in the FIU, and we of course have the Egmont network and other methodologies that we are able to receive intelligence quite uh quickly, even abroad. But I also like think in many cases it's cost of the investigation putting the efforts into investigate every single small instant, but like collectively try to like group the cases into similar buckets and investigate from there to find common methodologies and common like operations. On the other hand, like crypto requires so specialized tools and training. So many of the police don't even have the funding for this, and the training takes quite a lot of time. So I've been in investigation space for 10 years and I still don't comprehend everything that is going on there and happening. So yeah, it is a very difficult question. But usually when there's cross-border crime, that also puts different kinds of regulations that the law enforcement needs to follow in place. And typically the first like uh milestone is there that certain criteria of loss need to be satisfied, which quite often is not, because it might be depending on the jurisdiction, $1 million, $5 million, $10 million. So when even the biggest exchanges are like located just, for example, in the next country, it's still cross-border crime and it needs cross-border efforts and this and that. So it's it's very difficult for just like jumping into every single case immediately. 
They're drowning on cases, of course, but then again, like some of my most successful cases came through like thinking outside the box. So back then, of course, there was no regulation in place, but like coming from law enforcement and and reaching out to many of these companies who now, of course, have uh centralized platforms to do that. Back then there was none. So you needed to know somebody who knew somebody who could point you to the right direction, or you already had a contact. I've done recoveries even by sending email and sending a documented and stamped seizure warrant uh via email to some of the exchanges and being able to recover funds. So sometimes, if, for example, the jurisdiction the law enforcement is operating at allows something like this, uh then the recovery possibilities are of course much higher than in just like straight up uh international law enforcement uh communication channels. So it depends on the case, but like I would say that the biggest issue is that they have so many cases, as mentioned. There's already a terminology for this, like it's scamdemic. So everybody knows that it means that it's so many millions of cases and highly professionalized scammers out there. So it's very difficult to keep up with the pace of work that they are uh currently receiving.
SPEAKER_02:Hmm. Yeah, that's interesting. And and you're you're actually well based, aren't you, really, being in Singapore? Now, which uh must give a plug to your company, Sphere State, who do excellent work. I mean, I know some of your team, obviously. I go back quite a long way with some of your team, and I know how good they are at investigating. But you're well placed in Singapore because you're right next to the Interpol cyber headquarters, right? Uh so do you uh do you have relationships with them? Uh, you know, in in because you you talked about cross-border issues and and really that's or transnational issues, and really that's the crux of why investigating um you know crypto frauds and scams, etc., is so challenging, right?
SPEAKER_01:Interpol, UNODC, these multinational agencies, they do a lot of uh events and training for law enforcement at Interpol. They do it here in Singapore, they also do a lot of that around across APAC. So I think these like large organizations like UN and Interpol, Europol and and uh so on, they do an amazing job of sharing the knowledge, doing workshops, uh doing training. Also, of course, they have their own action days and they do a lot of action around these main and larger kind of institutionalized criminals already. They have so many hats to wear, also at Interpol. Uh, crypto is just one of them. Uh, of course, it's a very good center of knowledge, a very good center of sharing knowledge. And of course, they also have uh quite a lot of good ways to help you in cases. So, of course, we work very closely with them and we share intelligence with them. And sometimes you need to reach out to them that, hey, I have a case in Country X. Can you help me to put uh me through to the right uh officer in that country? And they help very often to uh support those cases because they kind of know that the the officer will get free training on top of that.
SPEAKER_02:Yeah, that's a very good point. That's a very good point. Uh before we move on to uh talk perhaps about some of the most common types of crypto fraud you're seeing. Just a quick one on your your company, uh Sphere State. Where does that name come from? Sphere State.
SPEAKER_01:You know, we are spearheading uh many things, and and and then of course crypto investigation is just one part of the company because it's spear state group. So we have different categories, what we do and where we uh are located at. But like I lead the crypto investigation function for us. Uh, we also do traditional business uh disputes, litigations, traditional financial investigations, we do uh asset uh searches, physical assets. So kind of that is the good combo from the crypto space also to the physical asset uh world that if we have a suspect in Country X and we want to identify what kind of assets that person is having, what kind of lifestyle they are doing, and so forth. So if you're able to identify 100% that this person is behind, for example, this crime, we are also able to then to use some of our on-ground people to identify like probable assets that belong to this perpetrator. So we kind of combine the on-chain and off-chain elements to the investigations, which of course helps then the end victim to hopefully recover some of their assets that they lost in different scenarios. Right.
SPEAKER_02:And uh I think our regular listeners are now probably starting to join dots as to why you know we ke we know each other, et cetera. Because um obviously here at Theos we do deep dive uh technical investigations into hacks, breaches, incident responses, et cetera. But we don't do we don't follow the funds. You know, we have to rely on true experts like yourselves to follow uh stolen assets, be they crypto or or um or or normal normal money.
SPEAKER_01:Um yeah, and this happens more often than you think. Like we have clients from like even the bank industry who has incidents, cyber incidents where funds are lost in either traditional field money or even nowadays in crypto. So if people lose funds to regular like uh opportunity scammers or investment frauds, but so do big institutions also. So that's why we kind of need each other there. There's so many uh separate fields to specialize in, like in the cyber side, in the cybersecurity side, on like the real life and real events that happen, like if people walk into an office like the physical side. And then of course we have the crypto side where we trace the funds on chain and what happens on the blockchains.
SPEAKER_02:Yeah, no, it's super important. I'm glad that you are based out here in Asia because uh there's a lot of victims out here that need help from a company like yours. So let's let's talk about these frauds. So um has this really evolved, or are we just seeing the same old techniques that are still effective? Or what what are you seeing most commonly in in crypto fraud at the moment?
SPEAKER_01:Yeah, so these uh romance investment scams, of course, have been professionalized. So it is big call centers, uh big like professionalism behind it. Uh sometimes even there is a little bit of protection of these kind of like uh super institutionalized and and I would almost say companies that run these operations. Because we we are aware that they are also sometimes even nation uh backed, that there might be nation-state actors that run these centers that do 24-7 investment frauds, investment platforms, romance investment hybrids, off-chain-on-chain brokers, and so forth.
SPEAKER_02:Yeah, and and you know, we talk about organized crime, but it truly is, when it comes to the cyber world, truly is organized, right? Um, you know, they're they're structured almost like um, you know, your your average company, you know, with with HR, with recruitment, with uh, you know, uh CFOs. And uh it's you know, when I've seen insights into uh these organized crime groups that commit these types of romance uh scams, etc., and uh and and other types of fraud, it it it really is quite uh staggering how how well set up they are and how how professional, if you can call them that as criminals, but uh in what they do. 100%.
SPEAKER_01:They're full-run companies, they have the leaders, directors, just like in any other business company, and and they make uh hundreds of millions of dollars. Yes, they do.
SPEAKER_02:And uh yeah, that's well half the problem, isn't it, when we're battling this uh you know, such well-organized and structured um uh entities. Uh could you describe uh um uh uh a challenging investigation that you've worked on and what made it made it kind of complex?
SPEAKER_01:Um yeah, I can kind of not describe what I can describe in in general ways, but like yeah. Anonymize it, yeah. Um typically, like uh I can use a loosely tied uh connection to a real life case where actually a private individual uh fell into a hack, and this hack was actually done by a nation state. So it was quite intriguing to see that these nation-state actors also target individual wallets. And that was very surprising because the funds didn't move for quite some time, but once they start to move, uh I was very quickly able to identify which nation-state attacker was behind this because of the money laundering typology. So we have cross-chain uh hopping, so we go through uh bridges, uh, we go even through some of the mixing uh services. So mixing services, of course, being those that obfuscate the source and destination of funds. Uh, some of the bridges actually do quite similar things, but you're kind of able to track them where the new funds have been issued and where the funds are being distributed after uh the new funds have been issued. Um, some of them are highly uh like automated, which of course makes the tracking ever so more difficult because the funds move so quickly through this whole process. So the whole money laundering typologies and layering techniques and structure are automated, which will take then a manual investigator a much longer time to figure out. Of course, we have built some internal tools to be able to detect and to be able to kind of identify some of these typologies uh as they move, but it is still like uh a very probabilistic uh approach. And and when you're going through uh like multiple blockchains via different bridges uh using automated and manual uh typologies, it's it's quite difficult to stay track on the real actual assets that were either stolen or fraud, defrauded. 
But in this case, it was actually uh stolen via uh a malware that was installed uh within uh an actually it was an iPhone, so it was even more surprising that the malware was within an iPhone, and when the person backed up their crypto wallet, the seed phrase was stolen during the backup process, and he had that person uh had more than uh like 20-ish million dollars in that wallet, and that the laundering process then enabled us to identify that it was actually a very well-known uh nation state actor. So to me, it came as a surprise that they also uh do this very kind of low entry level tests, uh, but like the sophistication came through the malware that was actually installed on an iPhone, which is not that easy if you uh know about cybersecurity that getting a malware into an iPhone or even an Android is not that easy. So the complexity maybe is more from first identifying how the MO was done and how it was compromised, uh, then of course parallel laundering paths to see it going into bridges, uh mixers, uh, which is of course uh uh obfuscation techniques. Uh then you need to build custom tooling to identify some of the demixing flows. Uh that, of course, uh is a little bit easier nowadays with the help of some sophistication within the LLMs and some of that that can be done, like decompiling uh some of those laundering paths with uh like an LLM makes the job a little bit quicker. Uh but then once you have identified and been able to decompile the obfuscation uh techniques and trails, then comes the international cooperation between exchanges, potentially law enforcement. Uh is the person going to law enforcement, are they going down the civil court route and delays and uh relying on the goodwill to the exchanges to keep the funds frozen or the seizure or complementary freeze in place? That is also uh quite time critical. 
Uh so it's always like a multiple different uh pieces need to come together, but like when you do the tracing properly, not relying too much on some of the automation tools that are out there, that you're actually able to uh definitely say that these are the actual funds, like with the last in first out trace or first in first out trace, instead of saying that the this address is somewhat involved based on aggregated heuristics. So attribution is possible uh of course because of the matching the patterns to previously known laundering uh techniques and and and paths, but also a lot of collaboration within and uh within the industry and also again with the private and public sector cooperation. Uh that is pretty much most often how we lead to successful cases.
SPEAKER_02:Well, that all sounds very easy. Yeah. No, but uh joking aside, um, are you getting good cooperation from the exchanges? Because I guess there's those that cooperate more readily and those that maybe a bit tougher. Is that is that because that's the key, really, isn't it, to on on uh to getting funds restored, you know, is is the cooperation really of the exchanges.
SPEAKER_01:I would say like um again, the industry has uh evolved quite a bit in the past 10 years. So, like I said, back in the day, sending an email with a seizure warrant with a couple of stamps from the DCI would uh uh be enough. Uh nowadays, of course, we have regulation, we have uh PII uh regulation in place, uh we have uh exchanges have been more institutionalized and they need to follow like different kinds of uh set of rules. So, of course, that makes it a little bit more challenging. Uh some of the exchanges uh are not so accepting to uh private sector investigators to like do complementary freezes than others. Uh but typically when we work on a case, the almost the first thing what we do is identify uh uh investigator within the jurisdiction where the victim is to get the law enforcement, or uh if they come through uh um law or legal firm, then we might already have some civil court orders in place that helps, and and then you can reach out that hey, there's a civil court order coming from this and that. Uh of course, some of the exchanges are uh much more uh willing to cooperate still on on uh good uh faith uh uh like than others, but then again, um it so much depends on the case and for example the publicity of the case, how willing they are to cooperate. But it's a very delicate balance because they also have their set of rules and and their set of legislation that they know they need to follow.
SPEAKER_02:I agree, agree. Um you you you raise an interesting point about the legal side of things, because obviously uh often we need to involve law firms in this. Do you do you have go-to partners in in law firms that you know have got the right expertise in in this uh uh space?
SPEAKER_01:Yes, we work with many uh of the big law firms throughout Southeast Asia, and and we have gotten very good results with them. And again, it depends on the amount of expertise required, what type of case it is, and what kind of like funds and amount of funds were lost. But we do have very good partners within the legal community and we work with the many of the biggest law firms throughout Southeast Asia.
SPEAKER_02:Oh, that's very good. Yeah, because I often get asked this question which law firms are are the best in in terms of uh understanding what is a very complex um, you know, issue. And uh I don't know if you want to name any, you probably don't on the podcast, but certainly anybody could reach out to you if they are looking for legal uh help, um, unless you do want to name any.
SPEAKER_01:Uh yeah, so let's say that I I always try to be neutral and respect all of our uh partners and all of our uh clients also. Uh it depends so much on the case. Uh in some cases, people reach out to me that, hey, I need want to do this and that. What law firm might be the best for us? And can quite easily say that you don't need a law firm. I can write you the documentation you need. Or then okay, you need a civil court order from uh this and that uh place. Uh, this might be the best solution for your like budget and for your loss or for your case. For it so it it so depends. But like we work with all of the big ones and and all some a lot of the smaller ones also, and and we're happy to work with the ones that need. So uh like it's it I think would say that like uh we're gonna be talking about tools soon. Uh there would be a good uh uh bridge to build here that uh you need to be tool agnostic that you're able to reproduce those results dependent on which way you go, left or right.
SPEAKER_02:Well, that that's a good segue into the tool side of things. I mean, uh tools, just like us in DFIR forensics work, are critical, right? Getting the right tools. Very often here at Theos, we script our own. Um we have a very talented uh DFIR lead who uh who knows how to uh uh to that speed is important and we get the best results through uh tweaking uh our our own versions of tools, etc. And I guess some similarities there, that there will be tools that are off the shelf kind of thing, but there's also uh you know the ways that you adapt to your in your own work. Am I right?
SPEAKER_01:Yeah, so the tool industry, when I started um in the investigation space about 10 years ago, um it was quite narrow. So there was only a couple of tool providers, some upcoming that are already gone and so forth. But nowadays there's at least 10, 15 different tool providers, and they all have their own strengths. So it depends on what you're looking from from a like a budgetary need, uh what you which market areas you're looking at, because some of the tools are stronger in different market areas, even. Localized data, localized um like over-the-counter trading platforms, localized uh like uh OSINT on like dark net markets and dark net uh industries. Uh some of them have better data on Europe, some of them have better data on the Americas. So again, it depends on the requirements of yourself. Uh I have used pretty much all of the tools out there. In in and there's of course, like I would say that there's like tier one, tier two, tier three tools. Uh and like I said, I want to be very tool agnostic here. I'm not gonna be promoting any tool specifically, but like again, it depends on your needs. Uh, some of them are very highly technically sophisticated that you can do very, very accurate tracing. Uh, some of them have amazing uh knowledge of entities, uh, some of them have very good other capabilities, but of course, some of them also come with a very high price tag, some comes with a bit lower. Uh, the I would say, as general, the crazy pricing of tooling those days are over. And as there's so many tools out there, uh, it's getting very competitive, the space. So many of the tool providers have needed to drop their pricing, and also the price point for getting a reliable basic level tool is somewhat uh reasonable nowadays, so you don't need to spend like 100 grand getting one tool, but instead you can get uh pretty good tools for like 10 or 15 grand per license. But it's still quite expensive. 
And I said, I said uh when law enforcement needs tools, they typically need more than one or two licenses. They might need like 50 or 100 licenses, so at the end of the day, it still comes very costly.
SPEAKER_02:It does, it does. And there's so many parallels between the work we do, you know, the top tiers you mentioned, the the the other tools that are um are nice to have kind of thing uh for specific cases. But it's really at the end of the day, though, I think to draw a line under this conversation, it's about the people using them. And it's about you know being able to make the right decisions on the right tools for the right investigation. And, you know, I I don't think I'd recommend anybody to go out and buy DFIR tools in the same way I wouldn't recommend them to go out and buy crypto investigation tools. I would say go to the right people to help you who know how to use them properly and get the best out of them. So switching gears, um uh uh North Korea, right? We we frequently uh seems to be uh synonymous with uh crypto frauds and thefts in the news. Um how accurate is this and uh what can you tell us about their activities?
SPEAKER_01:Well, um I would have to say that they are indeed a very interesting actor on any kind of uh cyber-enabled or cyber-related and also nowadays crypto-related uh incidents and crime are very active. Uh it's a little bit hot potato uh uh around the industry, but of course we know that Lazarus has been active for quite a few years, APT-38 also quite a few years. Uh typically uh when something big happens, uh quite a few are very eager already to point out who who the actor is behind those kind of incidents. And and uh definitely uh when you look at the reports, uh I think like a couple of past years we are talking three, four billion dollars in crypto-related hacks and and stolen uh funds that we are aware of that they have stolen. But as mentioned already, like we also see like uh different kinds of other incidents uh that are not directly uh related, but with likelihood might be uh done by DPRK or or one of these uh highly structured sub-entities. They're very well funded, so they operate, of course, from different continents. Uh typically where uh there might be a little bit of political restlessness that might not have a very structured framework around crypto. Uh but they are very active. Uh yes. Um, like I said, it's a little bit hot potato here, uh trying to avoid uh maybe even unintentionally disclose too much. But yeah, they they of course their motive is bypassing sanctions and uh funding state operations, mainly their uh WMD programs. Uh so when you imagine them doing billions of dollars past years in different kinds of crypto-related hacks and in stolen and fraud uh funds, uh they they are also very well funded and they have a lot of funding coming from these incidents.
SPEAKER_02:So this links in with a question I was gonna ask you on money laundering. I mean, how do they get the illicit crypto funds back into the monetary system?
SPEAKER_01:That's a good question. Um the the funny thing here is that they are actually quite transparent on their uh fund movements. Uh they use typically few mixers, few cross-chain bridges before they kind of like dilute the funds into different uh like exit points where they then exchange those for real currencies or whatever is in their interest at current at that time. But like uh they're surprisingly like they don't care if some of the accounts get caught or frozen, because they have those in such uh amplitude. Some of them might be done years and years ago already, just being dormant for a long time, might be real people, real stolen identities, might be people in vulnerable positions that has been like uh given them or unknowingly sold their like uh KYC documentation to verify them to exchanges uh just for a small tip. So the the the the ways how the money is flowing out from the system, that is, I would say, much more complicated than you would imagine. And unfortunately, there is still a lot of uncompliant exchanges and uh exit and entry gateways uh that are kind of satisfying the current need what they have. And we have quite a big nations and states that are completely sanctioned and cut off from the monetary systems, which some of the other nations are, then uh maybe not following the same sanctions list. Like we have the UN sanctions list, we have the OFAC sanctions list, and so forth. Uh, not all of these necessarily uh go hand in hand. So uh there's quite a few like ways how to still get funds out, and and like I said, some of these transactions are very transparent and not that difficult to trace and track. But like when you have uh, for example, uh some nations that are more compliant than others, uh, it doesn't seem to be overly too complicated to get those funds out.
And I have to say that on top of that, because of their multiple levels of layering and sending funds, uh, they might even use legitimate exchanges to take out small amounts, but like because they come to 100% uh like KYC and like legitimate accounts, uh nothing really flags out at that time. Because the tracking and tracing takes some time and and when they have a lot of automation and scripting and and so forth behind all of the fund movements, uh the funds might be out to uh even known and very well respected exchanges even before they uh even realize that that has happened.
SPEAKER_02:Yes, wow. I mean you you just highlighted one of the issues with the whole crypto um blockchain space is the um is the perception, you know, it is legitimate, uh, but unfortunately uh um the perception is it's really used for illicit purposes for money laundering, for criminal proceeds of criminal activity, and for other scams, et cetera. And and that is uh one of the biggest challenges I think that the whole uh space has to has to face and overcome before it becomes accepted in legitimate mainstream finance, right?
SPEAKER_01:But uh again, like cryptos uh and cryptocurrencies, they give you an unprecedented transparency compared to traditional finance. So when you look on the traditional financial investigations, you see only one or two accounts. If they were in the same country, you might be able to see five or six accounts. But then again, cryptocurrencies, you can see when the whole spending pattern goes to multiple different jurisdictions, multiple kinds of addresses which can be considered bank accounts, you're able to get that data quite quickly, and you're able to track and trace those funds quite quickly. So this kind of transparency when you compare to traditional banking, and for example, cash, was never heard of. So, again, like cryptocurrencies also enables you to have this level of like uh like visibility into the whole ecosystem. And of course, that is where we also rely on when we do our recovery investigations and our tracking and tracing that we see where the funds are moving, we see where they are dormant, we see what we can do, for example, if they're dormant in uh uh different kind of assets in in different kinds of addresses. There's multiple different ways also to recover those funds. So that kind of like uh transparency we didn't have in the traditional finance.
SPEAKER_02:Oh, I agree with you. Yeah, you know, the old uh suitcase full of cash uh is a lot harder to trace than uh than crypto. So um yeah, look, um uh we could probably talk for hours on this, but we we're bumping up uh uh against time here. And um and and Jussi, I I'm so honored that you know you told me before we started that this was your first ever podcast. So I'm I'm truly honored that you um decided to spend it with me. And the suitcase full of cash is on its way to you right now as we speak. But uh no, but let me let me just close up by uh asking you a question I ask all my guests. Um, you know, the uh regular audience will know that I'm a music lover and it's my way of uh sort of decompressing uh at the end of the day. And uh now to anybody because you're from Finland, uh so to anybody who's ever listened to the Eurovision Song Contest uh and the in particular the Finnish entries for the Eurovision Song Contest will know that your answer to this question is uh is gonna be a little bit bizarre. So so come on, uh Jussi. What are you currently listening to, music-wise?
SPEAKER_01:Well, uh, I will not say the hardest of hard rocks, but you know, uh I'm I'm I'm a rock fan actually. Uh I go all the way from the 70s rock uh up till the reasons. So like anybody from Creedence Clearwater Revival, the Doors, you know, AC/DC, uh like then of course we have a lot of Finnish uh rock bands, but I also listen to R&B, dance music, stuff like that. So I have quite a uh large uh venue when it comes to music. Uh also uh have my very good audio set up myself. So but essentially when having a few beers, uh listening to like uh old classic rock, uh a little bit newer rock. So I would say more of uh rock or uh rock guy.
SPEAKER_02:Brilliant, brilliant. Well, I do hope that uh one of these days we can uh uh you know uh listen to a few tunes and grab a beer together because we clearly have similar tastes and backgrounds. Jussi, thank you once again so much for joining us. And uh if anyone in the audience uh wants to have any follow-up questions, uh there will be links to uh to contact Jussi and his company, uh Sphere State. And uh thank you again for joining me today. And uh, you know, uh wish you all the best.
SPEAKER_01:My absolute pleasure and thank you for having me.
SPEAKER_02:Theos Cybernova was presented by myself, Paul Jackson. The studio engineer and editor was Roy D'Monte, the executive producer was myself and Ian Carless. And this podcast is a co-production between Theos Cyber and W4 Podcast Studio in Dubai.
SPEAKER_00:The Theos Cybernova Podcast.