In a major victory against digital financial crime, the U.S. Department of Justice (DOJ) has seized more than $7.7 million in cryptocurrency linked to North Korean crypto fraud. Operatives used stolen identities and remote work schemes to funnel funds to Pyongyang, bypassing international sanctions.
How Hackers Exploited Remote Jobs
According to filings in a Washington, D.C. court, North Korean IT specialists posed as Americans to get hired at blockchain and tech firms. Using forged or stolen IDs, they passed KYC checks and secured remote roles.
Their salaries, often paid in USDT and USDC, were then covertly transferred to North Korea.
“This operation shows how North Korea used stolen identities to infiltrate U.S. businesses and fund its regime,” said FBI Assistant Director Roman Rozhavsky.
Methods Used in North Korean Crypto Fraud
To hide the origin of the stolen crypto, the hackers employed:
- Chain hopping: Moving crypto across blockchains
- Token swapping: Masking transaction trails
- NFT purchases: Obscuring fund transfers
The money ultimately reached individuals already sanctioned by the U.S., including Sim Hyon Sop and Kim Sang Man.
Role of Chinyong IT Company
The DOJ also identified Chinyong IT Cooperation Company, under North Korea’s Ministry of Defense, as a central player in the scheme. Its CEO, Kim Sang Man, acted as a link between the IT workers and North Korea’s Foreign Trade Bank.
“We are committed to cutting off financial lifelines that empower the DPRK,” said Sue Bai from the DOJ’s National Security Division.
Cybercrime and North Korean Crypto Fraud
Experts like ZachXBT have repeatedly warned that North Korean crypto fraud extends deep into the decentralized finance space. The regime’s cyber units, like the Lazarus Group, are responsible for several high-profile crypto attacks:
- Bybit breach
- DMM Bitcoin hack
- Cetus exploit, totaling $244 million in losses
These attacks triggered joint warnings from the U.S., Japan, and South Korea.
Kraken Stops North Korean Infiltration Attempt
In a recent incident, crypto exchange Kraken stopped a suspected North Korean hacker posing as a job applicant. The individual used fake credentials, aiming to infiltrate the company’s systems – a tactic consistent with North Korean crypto fraud efforts.
This serves as a reminder for companies to maintain strong KYC and monitoring protocols.
Conclusion: Staying Ahead of North Korean Crypto Fraud
The $7.7 million seizure is part of an ongoing global effort to stop North Korean crypto fraud. These tactics – fake IDs, remote work scams, and blockchain laundering – pose a major threat to financial and national security.
“We will continue to disrupt the operations that support North Korea’s regime,” said U.S. Attorney Jeanine Ferris Pirro.
Stronger industry practices and international cooperation are essential to defeating this threat.
