US Seizes $7.7 Million in Crypto Laundered by North Korean IT Workers Using Stolen Identities


The US Department of Justice (DOJ) has seized over $7.74 million in cryptocurrency allegedly laundered on behalf of the North Korean government. This marks a significant victory in the ongoing battle against North Korea’s illicit financial activities, which rely heavily on stolen American identities and fraudulent remote work schemes to bypass international sanctions.

North Korean Operatives Exploit Remote Work for Illicit Gains

According to a complaint filed in the US District Court for the District of Columbia, North Korean IT workers posed as American citizens to secure jobs at US-based blockchain and tech firms. These operatives used stolen or fake IDs to bypass Know Your Customer (KYC) checks. This enabled them to infiltrate remote roles through job platforms or intermediaries.

Once hired, their salaries, often paid in stablecoins like USDC and USDT, were covertly funneled back to North Korea using sophisticated laundering techniques. The funds were allegedly intended to support the country’s heavily sanctioned weapons program and further its destabilizing agenda.

“The FBI’s investigation has revealed a massive campaign by North Korean IT workers to defraud US businesses by obtaining employment using the stolen identities of American citizens. All so the North Korean government can evade US sanctions and generate revenue for its authoritarian regime,” said Assistant Director Roman Rozhavsky of the FBI Counterintelligence Division.

Advanced Laundering Tactics: Chain Hopping, Token Swapping, and NFTs

To obscure the origins of the stolen funds, the operatives employed a range of advanced laundering tactics:

  • Chain hopping: Moving funds across multiple blockchains to complicate traceability.
  • Token swapping: Exchanging one cryptocurrency for another to further mask transactions.
  • NFT purchases: Using crypto to buy non-fungible tokens (NFTs) as a way to obfuscate the money trail.

The laundered funds were reportedly routed through shell accounts before being transferred to senior North Korean officials, including Sim Hyon Sop and Kim Sang Man, both of whom are sanctioned by the US Treasury.

Chinyong IT Cooperation Company: A Key Player in the Scheme

The DOJ filing highlights the role of Chinyong IT Cooperation Company, a firm subordinate to North Korea’s Ministry of Defense. Chinyong allegedly coordinated the IT workers’ activities. Its CEO, Kim Sang Man, acted as an intermediary between the operatives and North Korea’s Foreign Trade Bank.

“For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems. We will continue to cut off the financial lifelines that sustain the DPRK and its destabilizing agenda,” stated Sue Bai of the DOJ’s National Security Division.

This operation is part of the broader DPRK RevGen initiative, launched in 2024 to dismantle North Korea’s cyber-financial infrastructure. It follows a series of DOJ actions targeting similar schemes, including indictments, asset seizures, and sanctions enforcement.

Growing Cyber Threats from North Korea

The FBI’s crackdown comes amid growing concerns about North Korea’s pervasive presence in the crypto and decentralized finance (DeFi) sectors. Last month, blockchain investigator ZachXBT warned that North Korea is deeply embedded in the crypto space. The regime reportedly leverages hacks and scams to fund itself.

Recent incidents underscore the scope of the threat:

  • Bybit breach: Attributed to North Korea’s Lazarus Group, this hack resulted in significant losses.
  • DMM Bitcoin hack: Linked to the TraderTraitor group, another North Korean cyber unit.
  • Cetus breach: Contributed to $244 million in crypto losses in May, largely tied to North Korean-linked thefts.

These attacks have prompted joint condemnation from the US, Japan, and South Korea, which have cited North Korea’s illicit use of crypto as a threat to international security.

“Crime may pay in other countries, but that’s not how it works here… We will halt your progress, strike back, and take hold of any proceeds you obtained illegally,” emphasized US Attorney Jeanine Ferris Pirro.

Recent Intercept: Kraken Thwarts North Korean Hacker

Just weeks ago, Kraken’s security teams intercepted a North Korean hacker posing as a job candidate. As reported by BeInCrypto, the individual attempted to infiltrate the company using forged credentials. This highlights the lengths to which North Korea’s IT proxies will go to access US-based crypto firms.

This incident underscores the need for heightened vigilance within the industry. Companies must implement robust KYC protocols and continuously monitor for suspicious activity to prevent infiltration by state-sponsored actors.

Final Thoughts

The seizure of $7.7 million in laundered North Korean crypto is a stark reminder of North Korea’s persistent efforts to exploit the global crypto ecosystem for illicit gains. The regime uses stolen identities, fraudulent remote work schemes, and advanced laundering techniques. By doing so, it continues to evade sanctions and fund its destabilizing activities.

As the US and its allies intensify their crackdown on these operations, the crypto industry must remain vigilant. Strengthening security measures, enhancing transparency, and fostering international cooperation will be critical to combating this evolving threat.

“We will continue to cut off the financial lifelines that sustain the DPRK and its destabilizing agenda.”

The fight against North Korea’s cyber-financial operations is far from over, but recent successes demonstrate that progress is possible.