Millions of dollars in cryptocurrency, allegedly
earned by North Korean IT workers using stolen U.S. identities, now sit frozen
as part of a sweeping U.S. forfeiture action aimed at dismantling a
sophisticated sanctions-evasion network.
The Department of Justice (DOJ) revealed this latest
seizure, reportedly part of its ongoing efforts to disrupt illicit revenue streams that
fund Pyongyang’s weapons development.
A Digital Trail of Deception
The civil forfeiture complaint, filed in the District
of Columbia, alleges that North Korean nationals posed as remote IT
contractors, working for companies in the United States and elsewhere.
Department Files Civil Forfeiture Complaint Against Over $7.74M Laundered on Behalf of the North Korean Government
— U.S. Department of Justice (@TheJusticeDept) June 5, 2025
Their goal was reportedly to generate hard-to-trace
crypto income and quietly funnel it back to the regime in Pyongyang. By using fake
identities and securing jobs in blockchain development firms, they built up a
digital pipeline worth millions.
The funds, worth over $7.74 million, were initially
frozen during an earlier case involving Sim Hyon Sop, an alleged Foreign Trade
Bank representative working with these IT operatives. U.S. authorities claim Sim coordinated money flows
between the workers and the North Korean government.
“This forfeiture action highlights, once again, the
North Korean government’s exploitation of the cryptocurrency ecosystem to fund
its illicit priorities,” said Matthew R. Galeotti, Head of the Justice
Department’s Criminal Division.
“The Department will use every legal tool at its
disposal to safeguard the cryptocurrency ecosystem and deny North Korea its
ill-gotten gains in violation of U.S. sanctions,” he added.
According to the complaint, North Korean workers
employed complex laundering techniques to obscure the funds’ origins. These
included using fictitious identities, “chain hopping” between blockchains,
token swaps, and even purchasing NFTs to disguise value transfers.
Once disguised, the cryptocurrency was rerouted
through intermediaries, including Sim and Kim Sang Man, the CEO of Chinyong (a
North Korean IT company linked to the military).
FBI Unmasks North Korea’s Remote Workforce
The FBI, which led the investigation, revealed that
North Korea deployed these operatives in countries including China, Russia, and
Laos.
The workers used U.S.-based laptop farms and VPN
obfuscation to hide their true locations. By assuming the identities of
Americans, they duped U.S. companies into paying them in cryptocurrencies like
USDC and USDT.
Separately, North Korean hackers reportedly
established seemingly legitimate companies in the US to infiltrate the crypto
sector, targeting unsuspecting developers through fake job offers.
According to a report by The Japan Times, the attackers used legal registrations, corporate fronts, and social engineering to conceal their true identities behind American business facades and deliver malware until the FBI stepped in.
The fake firms reportedly formed part of an advanced campaign by a subgroup of the Lazarus Group, a state-sponsored cyber unit linked to North Korea’s Reconnaissance General Bureau.
This article was written by Jared Kirui at www.financemagnates.com.