The prominent hacker and Ethereum developer Virgil Griffith was arrested by the US government Friday after he spoke at an April conference on blockchain technologies in North Korea. The US government considers his presentation to be a transfer of technology—and therefore a violation of US sanctions.
But Griffith’s defenders, including Ethereum founder Vitalik Buterin, describe the arrest as a massive overreaction. Griffith worked for the Ethereum Foundation, and Buterin called him a friend.
“I don’t think what Virgil did gave the DPRK [Democratic People’s Republic of Korea] any kind of real help in doing anything bad,” Buterin tweeted on Sunday. “He delivered a presentation based on publicly available info about open source software.”
But federal prosecutors argue that Griffith, a US citizen residing in Singapore, knew full well that his trip violated US sanction laws. They say he sought approval for the trip from the US State Department, and his request was denied. Griffith made the trip anyway, traveling through China to evade US travel restrictions.
In a charging document, an FBI agent wrote that Griffith “discussed how blockchain and cryptocurrency technology could be used by the DPRK to launder money and evade sanctions, and how the DPRK could use these technologies to achieve independence from the global banking system.”
Griffith made little effort to hide his travel plans. He tweeted out a photo of his travel documents and voluntarily talked to the FBI after his trip. He even allowed the authorities to inspect his cell phone.
The feds say Griffith’s electronic communications show a clear intention to violate US sanctions laws. When a friend asked why the North Korean regime was interested in cryptocurrency, he wrote: “probably avoiding sanctions… who knows.”
Later, he told a friend of his plan to help send 1 unit of cryptocurrency (presumably ether) between South and North Korea. The friend asked “Isn’t that violating sanctions?” Griffith replied “it is,” according to the US government.
“Minor public-relations disasters”
Griffith was a well-known figure in the hacking world for more than a decade before this year’s trip to North Korea. He was featured by The New York Times in a 2008 article that focused on his creation of WikiScanner—software that helped uncover people and organizations making surreptitious changes to Wikipedia.
He told the Times that he aspires to “create minor public-relations disasters for companies and organizations I dislike.”
In 2003, Griffith was sued by education-software maker Blackboard to stop him from presenting research on security flaws in Blackboard’s software. A 2006 paper demonstrated how easy it was to guess people’s mothers’ maiden names from public records—highlighting the downside of using this information to authenticate consumers.
According to his LinkedIn page, Griffith received a Ph.D. in computation and neural systems in 2014. Since then, he has been involved in a variety of cryptocurrency projects. He has been a research scientist at the Ethereum Foundation since 2016.