‘Fugitive’ Spanish aristocrat behind North Korea cryptocurrency conference arrested

Jason Macuray
Alejandro Cao de Benós, the Spanish man from an aristocratic family who became one of the Western world’s most vocal supporters of North Korea, has been arrested in Spain.

Alejandro Cao de Benós, the Spanish man from an aristocratic family who became one of the Western world’s most vocal supporters of North Korea, has been arrested in Spain.

De Benós, the founder of the Korean Friendship Association, was arrested last week at a train station in Madrid, according to an announcement by the Policia Nacional, which described him as a “fugitive” and added that he may have been using false documents.

The arrest relates to allegations of fraud in the United States, where the Department of Justice first charged De Benós in April 2022 in relation to his role in organizing several conferences on cryptocurrency in Pyongyang.

Also charged by the U.S. alongside De Benós was a British national, Christopher Emms, who has since fled to Russia despite initially pledging to return to the United Kingdom when he was detained in Saudi Arabia.

Both men were accused of conspiring with Virgil Griffith, an American, to break U.S. sanctions on Pyongyang imposed over its nuclear weapons tests, by hosting a cryptocurrency conference in 2019 during which they allegedly explained how blockchain technologies could be used to evade banking embargoes.

According to the DOJ indictment, the Western attendees at the conference provided instructions on how North Korea “could use blockchain and cryptocurrency technology to launder money and evade sanctions.” All three men allegedly sought “to develop potential cryptocurrency infrastructure and equipment inside North Korea.”

In a message on social media, Cao de Benós — who said he has been released on bail — protested his innocence and complained that the allegation of fraud was constructed by U.S. authorities to engineer his extradition because Spain could not extradite him for breaching U.S. sanctions.

Indictments and sanctions

North Korea has been accused of stealing billions in cryptocurrency to fund its nuclear weapons program. Alongside specific sanctions from the United States and European Union, the country has been targeted by numerous U.N. Security Council resolutions attempting to address the country’s development of weapons of mass destruction.

Pyongyang has consistently denied involvement in cyber-espionage activities and cryptocurrency heists, despite evidence presented by both United Nations researchers and prosecutors in the United States.

Despite Pyongyang’s protestations of innocence, in 2021 the U.S. unsealed an indictment charging three North Korean hackers — allegedly employed by the country’s military intelligence services — with stealing and extorting more than $1.3 billion from financial institutions and cryptocurrency exchanges around the world.

The indictment detailed allegations about their involvement in multiple cyber activities, including the attack on Sony Pictures and the WannaCry ransomware incident.

At the time, the U.S. Assistant Attorney General John Demers said: “North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading 21st century nation-state robbers. Simply put, the regime has become a criminal syndicate with a flag, which harnesses its state resources to steal hundreds of millions of dollars.”

This May, the U.S. Treasury announced sanctions on four entities that employ thousands of North Korean IT workers who help illicitly finance the regime’s missile and weapons of mass destruction programs.

The department said North Korea maintains legions of “highly skilled” IT workers around the globe, primarily in China and Russia, who “generate revenue that contributes to its unlawful WMD and ballistic missile programs.”

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Russia-linked ‘Doppelgänger’ social media operation rolls on, report says

Next Post

House panel looks to leapfrog others on FISA as White House makes fresh plea for renewal

Related Posts

Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw

A security flaw impacting the Lighttpd web server used in baseboard management controllers (BMCs) has remained unpatched by device vendors like Intel and Lenovo, new findings from Binarly reveal. While the original shortcoming was discovered and patched by the Lighttpd maintainers way back in August 2018 with version 1.4.51, the lack of a CVE identifier or an advisory meant that
Read More