Carnegie Endowment for International Peace: Technology, Security, and Crypto Governance

Carnegie Endowment for International Peace is one of the oldest and most respected foreign policy think tanks in the United States, founded in 1910 with a mandate to advance international peace and security. Its offices in Washington, Moscow, Brussels, Beijing, Beirut, and New Delhi give it a genuinely global perspective that Washington-only institutions cannot replicate. And its focus on international security, governance, and the management of emerging technologies makes its engagement with crypto qualitatively different from that of financial regulation think tanks.

Carnegie researchers do not start from the question of how to regulate an exchange or protect a retail investor. They start from questions about state power: how does crypto affect governments’ ability to finance themselves, conduct sanctions, control capital flows, and maintain monetary sovereignty? How should the international community govern a technology that is genuinely borderless in ways that challenge all existing regulatory frameworks? And what does crypto mean for the geopolitics of financial infrastructure?

Technology and International Affairs

Carnegie’s Technology and International Affairs Program engages with the governance of emerging technologies across AI, biotechnology, cyber security, and digital finance. The program’s crypto work is embedded in this broader technology governance framework — crypto is one of several emerging technologies that challenge existing governance institutions and create new forms of international competition.

This embedding produces analysis that connects crypto to questions that financial regulators typically don’t address. How do state-sponsored hacking operations use crypto to fund their activities? What does North Korea’s successful generation of more than $3 billion in crypto proceeds through exchanges and hacks since 2017 mean for the efficacy of international sanctions? How does China’s digital finance strategy connect to its broader ambitions in international financial governance? Carnegie researchers bring the analytical toolkit of international security and governance to these questions rather than the toolkit of financial regulation.

Crypto, Financial Crime, and State Actors

Carnegie’s most distinctive contribution to the crypto policy debate is its analysis of state-sponsored financial crime through crypto channels. While FATF focuses primarily on criminal organizations and terrorist financing, Carnegie’s work has given sustained attention to nation-state actors — North Korea, Russia, Iran — that use crypto as a tool of statecraft.

North Korea’s crypto operations represent the most documented case of state-sponsored crypto financial crime. Carnegie researchers have mapped the operational structure of these activities: the initial theft (typically from exchange hacks or social engineering), the initial obfuscation (mixing services, chain-hopping across multiple blockchains), the conversion to fiat (through over-the-counter brokers and exchanges with weak AML controls in jurisdictions that don’t effectively enforce FATF standards), and the final use (weapons program financing). The Bybit hack of February 2025, which saw $1.5 billion attributed to North Korea’s Lazarus Group, followed a pattern that Carnegie had documented and predicted.

This forensic analysis is distinct from the policy advocacy of most think tank crypto work. Carnegie’s contributions include detailed technical understanding of how illicit crypto flows operate, which gives its policy recommendations more operational credibility than purely abstract analysis. When Carnegie researchers say that Travel Rule implementation is inadequate to address state-sponsored crypto theft, they are making this claim based on understanding exactly which points in the operational chain the Travel Rule does and does not address.

Sanctions and the Limits of Crypto Enforcement

Carnegie’s analysis of crypto and sanctions has been characteristically honest about what sanctions can and cannot accomplish in a crypto environment. The current enforcement picture is mixed: major exchanges implement US OFAC sanctions screening, and enforcement against crypto firms that violated sanctions (including Binance and others) has been significant. At the same time, sophisticated state actors can route transactions through unregulated channels that sanctions screening at major exchanges does not reach.

The policy implication Carnegie draws is not that crypto sanctions are futile but that they require continuous adaptation. Blockchain analytics capabilities at enforcement agencies need investment. International cooperation on crypto enforcement needs development — particularly engagement with jurisdictions that are not effectively enforcing FATF standards and that are used as exit points for illicit crypto flows. And the legal framework for crypto sanctions needs to keep pace with evolving technical capabilities.

Comparison with RAND and Belfer

Carnegie’s crypto work occupies a niche alongside RAND Corporation and the Harvard Belfer Center — institutions that bring international security and governance expertise to digital finance questions. The three institutions’ approaches differ in orientation: RAND tends toward more quantitative, operationally-focused analysis; Belfer brings Harvard’s academic depth and international elite convening capacity; Carnegie brings the global office network and established international peace-and-security credibility.

All three produce analysis that is distinctly different from financial regulation think tanks — more concerned with state power, geopolitics, and international governance than with securities law or consumer protection. For policymakers at the NSC, State Department, Treasury’s Office of Terrorism and Financial Intelligence, or intelligence community components with crypto mandates, Carnegie’s output is more directly relevant than Brookings’ payment system analysis or PIIE’s macro-economics work.

The practical message for crypto policy practitioners is that the national security community engages with crypto differently than the financial regulation community — and the conclusions they reach are different. Understanding both conversations is essential for anyone trying to track where crypto policy is actually heading.