The U.S. Department of Justice (DOJ) has confiscated over $7.7 million in cryptocurrency in a case tied to North Korean crypto crime. Operatives based in North Korea used stolen U.S. identities and remote job scams to bypass sanctions and funnel digital assets to their government.
Fake American Identities Fuel International Crypto Crime
Legal documents reveal that North Korean IT workers applied for remote positions at blockchain and tech companies in the U.S. Using stolen or counterfeit American identities, they were able to pass Know Your Customer (KYC) checks and secure jobs on major hiring platforms.
Once hired, they were paid in digital currencies like USDC and USDT. These funds were then covertly redirected to the North Korean regime using complex laundering processes.
“This investigation reveals a coordinated attempt to defraud U.S. companies to financially support North Korea’s sanctioned government,” said FBI Assistant Director Roman Rozhavsky.
Sophisticated Laundering Techniques Exposed
To cover their tracks, the operatives used several tactics:
- Chain-hopping across different blockchain networks
- Token swapping to obscure asset origins
- NFT purchases as an additional laundering layer
These strategies allowed them to move funds without triggering typical fraud detection systems. Much of the laundered money ultimately reached high-ranking officials already sanctioned by the U.S. Treasury, including Sim Hyon Sop and Kim Sang Man.
The Role of Chinyong IT Company
Investigators identified the Chinyong IT Cooperation Company as a central actor in the operation. Affiliated with North Korea’s Ministry of Defense, the company is believed to have managed the workflow of the IT workers. CEO Kim Sang Man served as a bridge between the workers and the regime’s Foreign Trade Bank.
“We’re taking decisive action to sever financial pipelines used by North Korea to fund its destabilizing programs,” said Sue Bai of the DOJ’s National Security Division.
North Korean Crypto Crime Expands Across the Industry
This case is just one piece of a broader campaign of North Korean crypto crime. Cybersecurity researcher ZachXBT and government officials have warned of increasing attacks and scams tied to North Korea’s hacker networks.
In recent months, the following crypto platforms have fallen victim:
- Bybit, in an attack attributed to the Lazarus Group
- DMM Bitcoin, linked to the TraderTraitor threat group
- Cetus, which lost over $244 million due to coordinated thefts
These incidents have triggered international concern, leading to joint responses from the United States, Japan, and South Korea.
Attempted Infiltration of Kraken
In a separate but related incident, a North Korean hacker attempted to infiltrate U.S.-based crypto exchange Kraken by applying for a job with forged credentials. The platform’s security team quickly detected the fraud and blocked the attempt.
This event reflects the growing lengths to which North Korean actors are going to penetrate the global crypto workforce.
North Korean Crypto Crime: A Growing Global Threat
The seizure of $7.7 million in laundered crypto is a critical win in the fight against North Korean crypto crime. But it also highlights the sophisticated, evolving nature of the threat. By abusing remote work systems and blockchain loopholes, North Korea continues to finance its sanctioned programs.
“We will not allow foreign regimes to exploit American systems to fund weapons or bypass sanctions,” emphasized U.S. Attorney Jeanine Ferris Pirro.
As attacks escalate, stronger cybersecurity protocols and international collaboration will be essential to curb this persistent threat.
