The US Department of Justice (DOJ) has seized over $7.74 million allegedly laundered on behalf of the North Korean government.
The sweeping civil forfeiture action followed a probe into an elaborate crypto scheme involving stolen American identities and fraudulent remote work.
North Korean Operatives Pose as Job Candidates
Filed in the US District Court for the District of Columbia, the complaint details how North Korean IT workers posed as American citizens to land jobs at US blockchain and tech firms.
Their salaries, often paid in stablecoins like USDC and USDT, were covertly funneled back to North Korea using advanced laundering tactics.
The FBI’s investigation revealed that these operatives used stolen or fake IDs to bypass KYC checks. The IDs also helped them gain access to remote roles, sometimes through job platforms or US-based intermediaries.
The goal was to generate crypto revenue to support North Korea’s heavily sanctioned weapons program.
“The FBI’s investigation has revealed a massive campaign by North Korean IT workers to defraud U.S. businesses by obtaining employment using the stolen identities of American citizens. All so the North Korean government can evade US sanctions and generate revenue for its authoritarian regime,” said Assistant Director Roman Rozhavsky of the FBI Counterintelligence Division.
Once crypto was obtained, the operatives allegedly laundered it through “chain hopping.” Other mechanisms included token swapping and even purchasing NFTs to obfuscate the trail.
The funds were reportedly routed through shell accounts and eventually funneled to senior North Korean officials. The filing names officials such as Sim Hyon Sop and Kim Sang Man, both sanctioned by the US Treasury.
Just weeks ago, Kraken security teams reportedly intercepted a North Korean hacker posing as a job candidate. As BeInCrypto reported, they attempted to infiltrate the company under false pretenses.
The hacker used forged credentials in a bold attempt to gain internal access. This highlights how far the regime’s IT proxies will infiltrate US-based crypto firms.
Kraken Breach, Bybit Hack, and Dark Web Busts Reveal Expansive Threat
According to the DOJ, these workers operated from China, Russia, and Laos under the Chinyong IT Cooperation Company. Notably, this firm is subordinate to North Korea’s Ministry of Defense.
Further, the filing indicates Chinyong’s CEO, Kim Sang Man’s role in the scheme. Kim allegedly acted as an intermediary between the workers and the country’s Foreign Trade Bank.
“For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems. We will continue to cut off the financial lifelines that sustain the DPRK and its destabilizing agenda,” added Sue Bai of the DOJ’s National Security Division.
This operation is part of the broader DPRK (Democratic People’s Republic of Korea) RevGen initiative, launched in 2024.
DPRK aims to dismantle North Korea’s cyber-financial infrastructure. It follows a series of DOJ actions against similar schemes, including indictments, asset seizures, and sanctions enforcement.
The FBI’s crackdown on North Korea’s crypto tactics comes amid growing alarm. Last month, blockchain investigator ZachXBT warned that North Korea is everywhere in crypto and DeFi.
BeInCrypto reported $244 million in crypto losses in May, largely tied to the Cetus breach and North Korean-linked thefts. Recent incidents also reinforce the scope of the threat.
Among them is Bybit, suffering a breach traced back to North Korea’s Lazarus Group. Similarly, the DMM Bitcoin hack was tied to the TraderTraitor group from North Korea.
The US, Japan, and South Korea have all jointly condemned North Korea’s illicit use of crypto. Specifically, they cited its impact on international security.
“Crime may pay in other countries but that’s not how it works here…We will halt your progress, strike back, and take hold of any proceeds you obtained illegally,” US Attorney Jeanine Ferris Pirro articulated.
The post North Korean IT Workers Stole US Identities to Launder $7.7 Million in Crypto appeared first on BeInCrypto.