Summary: Cryptocurrency irregular warfare cyber operations are not solely profit-motivated. Irregular warfare crypto campaigns may seek political leverage, civil disorder, or the erosion of the adversary’s will to fight.
Irregular Warfare & Cryptocurrency: What’s the Connection?
Warfare is not limited to direct violent conflict via airplanes, drones and troops on the ground. Irregular warfare is a form of warfare where states and nonstate actors campaign through indirect, non-attributable, or asymmetric activities, either as the primary approach or in concert with conventional warfare.
The 2020 Department of Defense: National Defense Strategy- Irregular Warfare annex describes irregular warfare as favoring “indirect or asymmetric approaches…in order to erode an adversary’s power, influence, and will.”
Cyber operations, whether directly or loosely aligned with states, are a key activity in irregular warfare. Irregular warfare cyber operations have included the Stuxnet operation to damage Iran’s nuclear program and Russian cyber-attacks on Ukraine’s power grid.
Cryptocurrency-focused cyber operations are an evolving threat vector in irregular warfare.
Irregular warfare cryptocurrency cyber operation objectives may include:
- generating funds,
- counter-threat finance (i.e. activities conducted to deny, disrupt, destroy, or defeat the generation, storage, movement, and use of assets to fund activities that support an adversary’s ability),
- civil disruption,
- or political leverage.
IRAN: Cryptocurrency Irregular Warfare
The most recent example of cryptocurrency’s role in irregular warfare was the June 18, 2025 hack of Iran’s largest crypto exchange Nobitex by a pro-Israel hacktivist group. Bloomberg reports that many private cybersecurity experts suggest that the hacktivist group, Predatory Sparrow, is linked to the Israeli government.
The Nobitex hack falls squarely within the definition of irregular warfare as the campaign was:
- an indirect,
- non-attributable activity,
- in concert with conventional warfare,
- to erode an adversary’s capabilities
- through counter-threat finance activities.
Unlike most crypto exchange exploits, the perpetrators of the Nobitex hack did not profit from it. Instead, Predatory Sparrow sent $90 million worth of cryptocurrency to unretrievable wallet addresses, effectively rendering the crypto “burned”. The hackers also embedded political messages (ex. “F*ckIRGCterrorists”) against Iran in the vanity cryptocurrency wallet addresses holding the hacked funds. In this instance, cryptocurrency was both the means of sending a political message and the ends in destroying funds potentially supporting an adversary.
U.S. cryptocurrency exchanges are not immune from similar politically / militarily motivated cyber operations.
CHINA: Cryptocurrency Irregular Warfare
Irregular warfare cyber operations may seek to threaten or undermine adversaries by creating chaos. For example, U.S. government cyber officials stated that the Chinese Communist Party (CCP) is preparing for conflict by gaining cyber access to U.S. critical infrastructure. China’s access to American infrastructure (water, power, communications) serves as a preemptive threat to the United States and can sow chaos if the access is acted upon (ex. contaminating the water supply).
China: Bitcoin Irregular Warfare
The CCP’s ability to disrupt bitcoin through supply chain and cyber vulnerabilities serves as an implied (although widely unacknowledged) threat.
The U.S. Bitcoin Strategic Reserve expands the attack surface from individuals and the private sector to the U.S. government.
As I detailed in my American Banker op-ed titled “A strategic bitcoin reserve raises real national concerns”:
Rigs are almost exclusively produced by Chinese firms with one Chinese company accounting for 90% of the market. Rig software was previously found to have backdoors which would allow for remote access.
Given the Chinese monopoly on rigs and majority control of bitcoin computing power [through mining pools], the national security risks to a strategic bitcoin reserve should be clear. Possible scenarios include the CCP knocking American miners offline, overwhelming the U.S. power grid, reversing or blocking U.S. strategic bitcoin reserve transactions, or simply banning the export of rigs to the U.S.
CCP cryptocurrency cyber operations could also disrupt bitcoin-backed stocks and ETFs. Even holders of S&P 500 index funds could be impacted by CCP crypto cyber operations as Coinbase and Telsa hold large amounts of bitcoin.
Will China’s de facto control over bitcoin impact the United States’ response if China invades Taiwan?
Should China conduct a small demonstration of its bitcoin kill switch — U.S. officials deeply entwined with the crypto industry through business ventures or campaign donations — may have second thoughts about intervening on Taiwan’s behalf.
Though China may not profit and may even lose money from denying the U.S. access to bitcoin, profit is not the objective. In this instance, the CCP seeks leverage over U.S. officials and constituents that have the ear and control political purse-strings to erode an adversary’s will to fight.
Despite only 8% of Americans using cryptocurrency in 2024, the crypto industry has an out-sized influence on American politics as demonstrated by being the largest industry donor to political campaigns in 2024.
NORTH KOREA: Cryptocurrency Irregular Warfare
For years, North Korea has relied on cryptocurrency cyber operations to fund nuclear and ballistic missile program. Japan, South Korea, and the United States issued a joint statement on North Korea’s cyber operations to steal cryptocurrency:
The United States, Japan, and the Republic of Korea join together to provide a new warning to the blockchain technology industry regarding the ongoing targeting and compromise of a range of entities across the globe by Democratic People’s Republic of Korea (DPRK) cyber actors. The DPRK’s cyber program threatens our three countries and the broader international community and, in particular, poses a significant threat to the integrity and stability of the international financial system.
North Korea’s crypto cyber operations range from record-breaking hacks of cryptocurrency exchanges like the $1.5 billion hack of ByBit… To North Korea IT workers fraudulently obtaining employment at U.S. firms, being paid in cryptocurrency stablecoins and accessing sensitive data to extort.
Conclusion
Cryptocurrency can serve both as the means and the ends of irregular warfare. As state and nonstate actors explore the capabilities of cryptocurrency cyber operations, we should expect new and diverse irregular warfare campaigns.
Importantly, cryptocurrency cyber operations are not solely profit-motivated. Instead, irregular warfare crypto cyber campaigns may seek political leverage, civil disorder, or the erosion of the adversary’s will to fight.
________________________________________________
Want more DSA Cryptocurrency Insights?
Cryptocurrency Traceability: Unraveling Underlying Assumptions
Sanctioned Countries are Operating Crypto Exchanges
Dynamic Securities Analytics, Inc. provides litigation consulting to help clients successfully navigate disputes involving securities, cryptocurrency, and money laundering.
