The U.S. Department of Justice (DOJ) has seized over $7.74 million accused of money laundering on behalf of the North Korean government.
This extensive civil seizure occurred after an investigation into a complex cryptocurrency scheme involving identity theft of Americans and fraudulent remote work.
North Korean Agents Posing as Job Applicants
The lawsuit filed in the District of Columbia Court details how North Korean IT personnel posed as American citizens to obtain jobs at U.S. blockchain and technology companies.
Their salaries, often paid in stablecoins like USDC and USDT, were secretly transferred to North Korea using advanced money laundering tactics.
The FBI investigation revealed that they used stolen or forged IDs to bypass KYC checks. These IDs also helped them access remote roles, sometimes through U.S.-based job platforms or intermediaries.
The goal was to generate cryptocurrency revenue to support North Korea's heavily sanctioned weapons program.
"The FBI investigation revealed a large campaign by North Korean IT personnel to defraud U.S. businesses by applying for jobs using stolen American citizen identities. All to help the North Korean government evade U.S. sanctions and generate revenue for its regime," said FBI Counterintelligence Assistant Director Roman Rozhavsky.
After obtaining cryptocurrency, they were accused of money laundering through "chain hopping". Other mechanisms included token swapping and even purchasing Non-Fungible Tokens to obscure traces.
The funds were reportedly transferred through shell accounts and ultimately sent to high-ranking North Korean officials. The lawsuit names officials such as Sim Hyon Sop and Kim Sang Man, both sanctioned by the U.S. Treasury.
Just weeks ago, Kraken's security teams were said to have stopped a North Korean hacker posing as a job applicant. As BeInCrypto reported, they attempted to infiltrate the company under a false identity.
The hacker used forged documents in a bold attempt to gain internal access. This demonstrates the penetration level of the regime's IT representatives into U.S.-based cryptocurrency companies.
Kraken Incident, Bybit Hack, and Dark Web Crackdowns Reveal Large Threat
According to the DOJ, these workers operated from China, Russia, and Laos under the management of Chinyong IT Cooperation Company. Notably, this company is under the management of North Korea's Defense Department.
Furthermore, the lawsuit points out the role of Chinyong's CEO, Kim Sang Man, in this plan. Kim is accused of acting as an intermediary between employees and the country's Foreign Trade Bank.
"For years, North Korea has exploited global remote IT contracts and the cryptocurrency ecosystem. We will continue to cut off the financial sources sustaining the DPRK and their destabilizing program," said Sue Bai of the DOJ's National Security Division.
This activity is part of the DPRK RevGen initiative, launched in 2024.
DPRK aims to dismantle North Korea's financial network infrastructure. It follows a series of DOJ actions against similar plans, including indictments, asset seizures, and enforcement of sanctions.
The FBI's crackdown on North Korea's cryptocurrency tactics occurs amid growing concerns. Last month, blockchain investigator ZachXBT warned that North Korea is ubiquitous in cryptocurrency and DeFi.
BeInCrypto reported $244 million in cryptocurrency losses in May, primarily related to the Cetus infiltration and North Korea-related thefts. Recent incidents further solidify the scope of the threat.
These include Bybit, which was traced back to North Korea's Lazarus group. Similarly, the DMM Bitcoin hack was linked to the TraderTraitor group from North Korea.
The U.S., Japan, and South Korea have jointly condemned North Korea's illegal cryptocurrency use. Specifically, they highlighted its impact on international security.
"Criminals may profit in other countries, but not here... We will stop your progress, counterattack, and seize any funds you obtain illegally," said U.S. Attorney Jeanine Ferris Pirro.
