‘Fugitive’ Spanish aristocrat behind North Korea cryptocurrency conference arrested

Alejandro Cao de Benós, the Spanish man from an aristocratic family who became one of the Western world’s most vocal supporters of North Korea, has been arrested in Spain.

De Benós, the founder of the Korean Friendship Association, was arrested last week at a train station in Madrid, according to an announcement by the Policia Nacional, which described him as a “fugitive” and added that he may have been using false documents.

The arrest relates to allegations of fraud in the United States, where the Department of Justice first charged De Benós in April 2022 in relation to his role in organizing several conferences on cryptocurrency in Pyongyang.

Also charged by the U.S. alongside De Benós was a British national, Christopher Emms, who has since fled to Russia despite initially pledging to return to the United Kingdom when he was detained in Saudi Arabia.

Both men were accused of conspiring with Virgil Griffith, an American, to break U.S. sanctions on Pyongyang imposed over its nuclear weapons tests, by hosting a cryptocurrency conference in 2019 during which they allegedly explained how blockchain technologies could be used to evade banking embargoes.

According to the DOJ indictment, the Western attendees at the conference provided instructions on how North Korea “could use blockchain and cryptocurrency technology to launder money and evade sanctions.” All three men allegedly sought “to develop potential cryptocurrency infrastructure and equipment inside North Korea.”

In a message on social media, Cao de Benós — who said he has been released on bail — protested his innocence and complained that the allegation of fraud was constructed by U.S. authorities to engineer his extradition because Spain could not extradite him for breaching U.S. sanctions.

Comunicado respecto a mi detención del 30 de noviembre (Por orden del FBI). pic.twitter.com/4mQiYBrWHt

— Alejandro Cao (@DPRK_CAODEBENOS) December 2, 2023

Indictments and sanctions

North Korea has been accused of stealing billions in cryptocurrency to fund its nuclear weapons program. Alongside specific sanctions from the United States and European Union, the country has been targeted by numerous U.N. Security Council resolutions attempting to address the country’s development of weapons of mass destruction.

Pyongyang has consistently denied involvement in cyber-espionage activities and cryptocurrency heists, despite evidence presented by both United Nations researchers and prosecutors in the United States.

Despite Pyongyang’s protestations of innocence, in 2021 the U.S. unsealed an indictment charging three North Korean hackers — allegedly employed by the country’s military intelligence services — with stealing and extorting more than $1.3 billion from financial institutions and cryptocurrency exchanges around the world.

The indictment detailed allegations about their involvement in multiple cyber activities, including the attack on Sony Pictures and the WannaCry ransomware incident.

At the time, the U.S. Assistant Attorney General John Demers said: “North Korea's operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world's leading 21st century nation-state robbers. Simply put, the regime has become a criminal syndicate with a flag, which harnesses its state resources to steal hundreds of millions of dollars.”

This May, the U.S. Treasury announced sanctions on four entities that employ thousands of North Korean IT workers who help illicitly finance the regime's missile and weapons of mass destruction programs.

The department said North Korea maintains legions of “highly skilled” IT workers around the globe, primarily in China and Russia, who “generate revenue that contributes to its unlawful WMD and ballistic missile programs.”