North Korean IT Workers Stole US Identities to Launder $7.7 Million in Crypto

by

Hold onto your keyboards, folks! The US Department of Justice (DOJ) has swooped in like a superhero in a cape, seizing over $7.74 million that was allegedly laundered for the North Korean government. 💸🦸‍♂️

In a plot twist that even Hollywood would envy, this civil forfeiture action followed a deep dive into a crypto scheme that’s more tangled than your last family reunion. We’re talking stolen American identities and fraudulent remote work. Yes, you heard that right! 🎭

North Korean Operatives Pose as Job Candidates

Filed in the US District Court for the District of Columbia, the complaint reads like a bad spy novel. North Korean IT workers, in a move that would make James Bond proud, posed as American citizens to snag jobs at US blockchain and tech firms. Talk about a resume boost! 📄💼

These tech-savvy spies had their salaries paid in stablecoins like USDC and USDT, which they then funneled back to North Korea using laundering tactics that would make a magician jealous. 🎩✨

The FBI’s investigation revealed that these operatives used stolen or fake IDs to bypass KYC checks. Because who needs a real identity when you can just borrow someone else’s? The IDs also helped them gain access to remote roles, sometimes through job platforms or US-based intermediaries. It’s like a game of “Who’s That Spy?” but with higher stakes! 🕵️‍♂️

The ultimate goal? Generate crypto revenue to support North Korea’s heavily sanctioned weapons program. Because nothing says “I love my country” like funding a weapons program with stolen identities! 💣

“The FBI’s investigation has revealed a massive campaign by North Korean IT workers to defraud U.S. businesses by obtaining employment using the stolen identities of American citizens. All so the North Korean government can evade US sanctions and generate revenue for its authoritarian regime,” said Assistant Director Roman Rozhavsky of the FBI Counterintelligence Division. Sounds like a plot twist in a bad rom-com! 💔

Once they got their hands on the crypto, the operatives allegedly laundered it through “chain hopping.” Other mechanisms included token swapping and even purchasing NFTs to obfuscate the trail. Because if you’re going to commit a crime, you might as well make it trendy! 🎨💻

The funds were reportedly routed through shell accounts and eventually funneled to senior North Korean officials. The filing names officials such as Sim Hyon Sop and Kim Sang Man, both sanctioned by the US Treasury. It’s like a game of Monopoly, but with real money and real consequences! 🏦

North Korea has dispatched thousands of skilled IT workers abroad with the aim of deceiving U.S. and other businesses worldwide into hiring them as freelance IT workers so they can support North Korean cyber operations and generate revenue for the North Korean regime. Learn more…

— NCSC (@NCSCgov) April 3, 2025

Just weeks ago, Kraken security teams reportedly intercepted a North Korean hacker posing as a job candidate. As BeInCrypto reported, they attempted to infiltrate the company under false pretenses. Because who doesn’t love a good undercover operation? 🎭

The hacker used forged credentials in a bold attempt to gain internal access. This highlights how far the regime’s IT proxies will infiltrate US-based crypto firms. It’s like a bad episode of “The Office,” but with hackers! 🏢💻

Kraken Breach, Bybit Hack, and Dark Web Busts Reveal Expansive Threat

According to the DOJ, these workers operated from China, Russia, and Laos under the Chinyong IT Cooperation Company. Notably, this firm is subordinate to North Korea’s Ministry of Defense. Because nothing says “legit business” like being tied to a government known for its questionable practices! 🌍

Further, the filing indicates Chinyong’s CEO, Kim Sang Man’s role in the scheme. Kim allegedly acted as an intermediary between the workers and the country’s Foreign Trade Bank. It’s like a corporate ladder, but with more espionage! 🏢🔍

“For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems. We will continue to cut off the financial lifelines that sustain the DPRK and its destabilizing agenda,” added Sue Bai of the DOJ’s National Security Division. Sounds like a plan! 💪

This operation is part of the broader DPRK (Democratic People’s Republic of Korea) RevGen initiative, launched in 2024. Because if you’re going to be a rogue state, you might as well have a catchy name for your initiatives! 🎉

DPRK aims to dismantle North Korea’s cyber-financial infrastructure. It follows a series of DOJ actions against similar schemes, including indictments, asset seizures, and sanctions enforcement. It’s like a game of whack-a-mole, but with more paperwork! 📝

The FBI’s crackdown on North Korea’s crypto tactics comes amid growing alarm. Last month, blockchain investigator ZachXBT warned that North Korea is everywhere in crypto and DeFi. It’s like they’re the new Kardashians of the crypto world! 📈

BeInCrypto reported $244 million in crypto losses in May, largely tied to the Cetus breach and North Korean-linked thefts. Recent incidents also reinforce the scope of the threat. It’s like a horror movie, but instead of ghosts, we have hackers! 👻

Among them is Bybit, suffering a breach traced back to North Korea’s Lazarus Group. Similarly, the DMM Bitcoin hack was tied to the TraderTraitor group from North Korea. Because who doesn’t love a good pun in the world of cybercrime? 😂

The US, Japan, and South Korea have all jointly condemned North Korea’s illicit use of crypto. Specifically, they cited its impact on international security. It’s like a global intervention, but with more sanctions! 🌏

“Crime may pay in other countries but that’s not how it works here…We will halt your progress, strike back, and take hold of any proceeds you obtained illegally,” US Attorney Jeanine Ferris Pirro articulated. And that, my friends, is how you drop the mic! 🎤

Read More

2025-06-08 17:32