The United States government has taken action to seize millions of dollars in cryptocurrency that was funneled to North Korea through a network of fake IT workers embedded in blockchain companies. This forfeiture action, initiated by the U.S. Department of Justice, aims to confiscate over $7.74 million in digital assets that were allegedly earned through illicit employment and money laundering schemes in order to evade U.S. sanctions.
The funds in question were initially frozen in April 2023 after the indictment of Sim Hyon Sop, a representative of the North Korean Foreign Trade Bank based in China. Sop is accused of conspiring with North Korean IT workers to funnel crypto earnings back to the regime. It is alleged that these funds were part of a coordinated laundering effort that involved various techniques such as chain hopping, token swaps, and the use of fictitious identities to conceal their origin.
The DOJ’s complaint, filed in a federal court in Washington D.C., targets multiple forms of digital property including Bitcoin, stablecoins, non-fungible tokens, and Ethereum Name Service domains. These operations are said to be part of a larger effort by North Korea to bypass international sanctions and finance its weapons program through cyber-enabled revenue streams.
North Korean operatives have been implicated in some of the biggest cryptocurrency heists in recent years, with malicious IT workers playing a key role in breaching blockchain companies from within. These individuals often secure remote jobs at crypto and tech firms under stolen or fabricated identities, requesting payment in stablecoins like USDC and Tether to disguise their locations.
These illicit earnings are then funneled back to the regime through various laundering techniques, including fake accounts, small-value transfers, cross-chain swaps, and NFT purchases. North Korean IT workers have been expanding their operations, adapting their tactics, and shifting targets as enforcement efforts intensify.
A report from Google’s Threat Intelligence Group in April 2025 revealed that North Korean IT operatives were increasingly targeting European blockchain companies after facing heightened scrutiny in the United States. One such attempt was intercepted by cryptocurrency trading platform Kraken, where a job applicant raised suspicions during the recruitment process, leading to the discovery of a network of North Korean infiltrators within the crypto industry.
The U.S. government’s actions against North Korean cyber-enabled revenue streams are part of a broader initiative aimed at disrupting the regime’s financial networks. With authorities ramping up efforts to combat illicit activities in the crypto space, it is clear that more aggressive measures are necessary to counter the growing threat posed by North Korean operatives in the blockchain industry.