In a landmark enforcement move, the U.S. Department of Justice has confiscated over $7.7 million in cryptocurrency tied to crypto laundering by North Korea. The operation sheds light on an elaborate system of digital fraud involving fake identities, remote employment, and blockchain transactions designed to evade global sanctions.
Identity Theft Fuels Crypto Laundering by North Korea
Legal documents from the District Court in Washington, D.C. reveal that North Korean IT professionals impersonated U.S. citizens to secure remote jobs at American tech and blockchain companies. These operatives bypassed Know Your Customer (KYC) requirements using counterfeit or stolen documentation.
Once onboarded, they received salaries in stablecoins like USDT and USDC, which were covertly redirected to North Korea via a complex laundering network.
“The FBI uncovered a vast operation in which North Korean IT workers used stolen identities to infiltrate American companies and channel earnings back to fund the regime,” said FBI Assistant Director Roman Rozhavsky.
Laundering Tools Used by North Korean Operatives
To cover their digital tracks, the regime’s proxies deployed several laundering strategies:
- Chain hopping across multiple blockchain networks
- Token swaps to disguise financial trails
- NFT purchases to mask high-value transfers
These funds were funneled through shell accounts and ultimately reached sanctioned figures, including Sim Hyon Sop and Kim Sang Man, both listed by the U.S. Treasury.
Chinyong IT and Crypto Laundering by North Korea
The investigation pointed to the Chinyong IT Cooperation Company, a subsidiary of North Korea’s Ministry of Defense, as the organizational backbone of this crypto laundering ring. Its CEO, Kim Sang Man, reportedly brokered transactions between operatives and the Foreign Trade Bank of North Korea.
“We will continue to cut off the financial lifelines that sustain the DPRK and its destabilizing agenda,” affirmed DOJ’s National Security Division’s Sue Bai.
The takedown aligns with DPRK RevGen, a U.S.-led initiative launched in 2024 to dismantle North Korea’s cyber-financial infrastructure.
Cyber Threats from North Korea Expand in the Crypto Space
The FBI’s actions come amid escalating concerns over crypto laundering by North Korea, particularly its infiltration of DeFi and blockchain ecosystems.
Analyst ZachXBT recently warned that North Korea is deeply embedded in the crypto space, using a mix of fraud, hacks, and laundering to bolster its economy. Notable cyber incidents tied to the regime include:
- The Bybit hack by Lazarus Group
- The DMM Bitcoin attack by TraderTraitor
- The Cetus breach, contributing to $244 million in losses
These events have drawn condemnation from the U.S., Japan, and South Korea, emphasizing the need for coordinated action.
Kraken Blocks North Korean Hacker Attempt
Just weeks ago, Kraken’s security team intercepted a North Korean hacker attempting to infiltrate the company through a job application. The individual used forged credentials in an attempt to gain internal access – a stark example of how aggressive these infiltration efforts have become.
Crypto Industry Must Brace for Ongoing Crypto Laundering by North Korea
The $7.7 million seizure is not only a win for law enforcement but a wake-up call for the blockchain industry. North Korea’s use of crypto to bypass sanctions remains an evolving threat.
Companies must:
- Enhance KYC and AML compliance
- Monitor for suspicious patterns
- Collaborate internationally to block crypto laundering by North Korea
“Crime may pay in other countries, but that’s not how it works here,” said U.S. Attorney Jeanine Ferris Pirro. “We will strike back and seize every illegal gain.”
