The US Department of Justice (DOJ) has seized more than $7.74 million allegedly washed on behalf of the North Korean government.
An investigation into elaborate cryptographic schemes that include stolen American identity and fraudulent remote work was followed by drastic civil forfeitures.
North Korean operatives posing as job seekers
The complaint, filed in the US District Court for the District of Columbia, details how North Korean IT workers have placed their stance as American citizens to land jobs in US blockchain and high-tech companies.
Their salaries, often paid in stub coins, such as USDC and USDT, were secretly returned to North Korea using advanced laundry tactics.
An investigation by the FBI revealed that these operatives bypassed KYC checks using either stolen or fake IDs. IDs can now access remote roles via job platforms and US-based intermediaries.
The goal was to generate crypto revenues to support North Korea’s carefully selected weapons programme.
“The FBI investigation reveals a massive campaign by North Korean IT workers to fraudulent American businesses by using the stolen identities of American citizens to acquire jobs. All North Korean governments can avoid US sanctions and generate revenue for the authoritarian regime.
Once the code was obtained, the operatives allegedly washed it through “chain hopping.” Other mechanisms included swapping tokens and even buying NFTs to obfuscate trails.
The funds reportedly were routed through shell accounts and eventually poured into senior North Korean officials. The filing names are both approved by staff such as Sim Hyon Sop and Kim Sang Man by the US Treasury Department.
Just a few weeks ago, Kraken’s security team reportedly intercepted a North Korean hacker pretending to be a job seeker. As Beincrypto reported, they tried to infiltrate the company pretending to be false.
Hackers used forging qualifications in bold attempts to gain internal access. This highlights how much the administration’s proxy infiltrates US-based crypto companies.
Kraken Breach, Bybit Hack and Dark Web Busts uncover vast threats
According to the DOJ, these workers were operated from China, Russia and Laos under the Chinyong IT Coporation Company. In particular, the company is subordinate to the North Korean Ministry of Defense.
Furthermore, this filing illustrates the role of Chinyong CEO Kim Sang Man in the scheme. Kim is said to have acted as an intermediary between the workers and the country’s foreign trade bank.
“For years, North Korea has leveraged its global remote IT contracts and cryptocurrency ecosystem, and will continue to cut off DPRK and its financial lifeline that maintains its volatile agenda,” added Subai, DOJ’s national security arm.
The project is part of the broader DPRK (DPRK) Revgen initiative launched in 2024.
DPRK aims to dismantle North Korea’s cyberfinancial infrastructure. This follows a series of DOJ actions on similar schemes, including indictment, asset seizing and sanctions enforcement.
The FBI crackdown on North Korea’s code tactics comes amid increasing vigilance. Last month, blockchain investigator Zachxbt warned that North Korea is everywhere in its crypto and debt.
Beincrypto reported $244 million in crypto losses in May. Recent incidents also strengthen the scope of the threat.
Among them is Bibit, suffering from violations dating back to the North Korean Lazarus group. Similarly, the DMM Bitcoin Hack was tied to the North Korean Trader group.
The US, Japan and South Korea are all co-confessing the illegal use of North Korea’s codes. Specifically, they cited the impact on international security.
“Crime may be paid in other countries, but that’s not how it works here… We’ll stop your progress, fight back and figure out what you’ve made illegally.”
Disclaimer
In compliance with Trust Project guidelines, Beincrypto is committed to reporting without bias and transparent. This news article is intended to provide accurate and timely information. However, we recommend that readers independently verify the facts and consult with experts before making decisions based on this content. Please note that our terms and conditions, privacy policy and disclaimer have been updated.
