Authored by: Linda Gomez
Cryptocurrencies and Web3 technologies have been on a crusade to disrupt legacy institutions like central banking since Bitcoin’s launch in 2009–but it seems they can disrupt more than just banking.
In just over a decade, decentralized ledger technologies (DLTs), like virtual currencies (VCs) and the blockchain networks enabling transactions, have gained significant traction among the general public. Statista’s data confirmed this positive response showing that the 66 VCs circulating in 2013 skyrocketed to over 10,000 in 2022. Many of cryptocurrency’s most appealing features–accessibility, immutable transactions, no intermediary bodies, and security–have even prompted central banks to establish their own Central Banking Digital Currency (CBDC) as a way to boost banking activity efficiency in countries with large unbanked populations like Nigeria, the Bahamas, and even economic superpowers like China and the EU.
The European Banking Authority’s report on VCs noted several financial environments under which the digitalization of finance and banking provides “an alternative way for individuals to achieve the same end: accessing commerce and effecting payment transactions.” Such environments include jurisdictions where:
- Financial services are not widely available;
- The national currency is not convertible into other fiat currencies;
- Financial services are too expensive for individuals;
- The administrative burden for obtaining an account is high; and
- Users have a high-risk profile.
There are certainly benefits to reap from the digitalization of financial services and integration of blockchain technology for citizens and governments alike. However, if decentralized technology is adopted too quickly without proper safety and security measures, the likelihood of geopolitical strife as an unintended consequence seems all but guaranteed.
Can Crypto Disrupt the Global Balance of Power?
Much like the Arms Race in the 1950s or the Space Race in the 1960s, the race among countries to incorporate decentralized ledger technologies (DLTs) into their infrastructure represents a new era in the balance of power competition.
International Relations scholar John Mearsheimer recaps this dynamic well, claiming states “are always searching for opportunities to gain power over their rivals, with hegemony as their final goal.” If Great Power conflicts or World Wars have illustrated anything, the international system intrinsically encourages states to seek and compete for power. But how do states pursue this objective?
Unfortunately, the answer is not as simple anymore. Historically, determining relative power among states boiled down to weapons and wealth. Weapons equated to military power, just as GDP equated to economic power. As wealth and military capabilities fed into each other like a positive feedback loop, the more power those countries accrued. But the rise of innovation in technology like DLTs has disrupted this balance of power.
These innovative, disruptive technologies are a source of power in their own right by creating a new Web3 arena where states can either expand or defend their resources–in this case, VCs. With that in mind, it is interesting to see which countries have opted to invest in developing and harnessing the power of DLTs and which countries have not. For example, military and economic superpowers like the US are raising eyebrows with the slow and steady approach to building up their decentralized infrastructure capabilities.
The cause for concern is simple: It is no longer a foregone conclusion that states with the largest standing armies, highest defense budgets, and strongest GDPs can inflict or defend against the most harm, especially when the blockchain-based Web3 presents a new metaphorical combat zone. Recent cryptocurrency attacks not only prove that these assaults are easily launched from behind a keyboard to wreak havoc on states’ economic and security operations, but they also no longer necessarily imply that a state actor is stroking the keys.
Cryptocurrency as a Matter of National Security
For years, cybersecurity has formed an integral part of the US security strategy. But these security concerns are no longer limited to hacked email accounts and malware viruses–cryptocurrency attacks are also on the list.
Earlier this month, President Biden emphasized “[rebalancing] the responsibility to defend cyberspace” as a priority in the annual US cybersecurity strategy, including initiatives like “Mitigating Risks to Vulnerable Cryptographic Systems.” Though cryptocurrency security has fallen under the jurisdiction of national security agencies like the FBI and the National Cryptocurrency Enforcement Team, the repercussions of these attacks fall well within the realm of international security threats.
A US Crypto Heist Turned International Nuclear Threat
In June 2022, the FBI launched investigations against the North Korean-sponsored cybercrime organization Lazarus Group for their $100 million cryptocurrency heist of Harmony’s Horizon blockchain bridge. It is easy to chalk up the heist to an inconvenient loss for Harmony’s users. However, the broader security implications became apparent when investigators postulated the laundered funds would “support North Korea’s ballistic missile and Weapons of Mass Destruction programs.” The connection between a North Korean cybercrime group’s heist against a US crypto firm and international security may seem tenuous. But pulling on the string proves otherwise.
- Chainanalysis reported USD 1.7 billion worth of stolen cryptocurrency across numerous hacks masterminded and executed by Lazarus in 2022; that’s more than quadruple its USD 429 million theft record for 2021.
- In 2022, North Korea launched a record number of missiles despite its shrinking GDP for two consecutive years and plummeting food exports due to a nationwide drought, according to BBC
- Each missile deployment costs around USD 3 million for short-range and USD 10 million for long-range missiles; the 2021 heists alone could have funded 143 short-range and 43 long-range missile deployments.
- On 1 January 2023, Kim Jong-Un vowed to “exponentially increase” the production of nuclear weapons in 2023 without any mention of an economic recovery plan or mitigation strategy for the food insecurity crisis.
North Korea may not be investing in its resilience capabilities as it faces a stagnant economy or national food scarcity crisis. But it sure seems to be developing a robust infrastructure of cyber attackers targeting crypto assets to fund its nuclear weapons projects and military arsenal.
Where Do We Go from Here?
None of this is to negate the vast utility of Web3’s DLTs and digitalized financial services. But failure to develop resilient security infrastructures and risk mitigation strategies around crypto assets as countries launch CBDCs seems unwise and potentially catastrophic hubris.
Naturally, the debates around regulating cryptocurrency tend to provoke heavy resistance from Web3 evangelists. However, the issue at hand no longer pertains to maintaining Web3’s decentralized ethos–it is now a matter of physical and cybersecurity.
If anything, it is reassuring that the international security community raises concern when evidence supports assumptions the loot obtained in these and future attacks are resources for North Korea and other similar regimes to advance their offensive military objectives to acquire power. At the very least, their concern is evidence that the way we conceptualize geopolitical risks has changed and will no longer be as straightforward.
We have adapted to change before and can do it again. We changed how we consume, communicate, and create with the advent of the internet, and now Web3 is changing how we conduct our finances and store our information. Though many still view cryptocurrency as an abstract idea, fake currency, or “funny money,” there is proof that it has materialized as an asset with tangible and potentially severe implications. Ultimately, change has emerged, which means changing how we think about securing our assets–including crypto assets–and how the cybersecurity exposure of these assets can translate to vulnerabilities in our physical security.