The United States government has taken a significant step in seizing over $7.7 million in cryptocurrency that was allegedly earned through a clandestine network of North Korean IT workers disguising themselves as foreign freelancers and funneling their earnings back to the North Korean government.
According to a civil forfeiture complaint filed in the District Court for the District of Columbia, the Department of Justice has alleged that North Korean operatives managed to secure employment at blockchain firms and other tech companies using stolen or forged identities. These workers were compensated in cryptocurrency, primarily stablecoins such as USDC and USDT, and employed sophisticated laundering techniques to obscure the origin of the funds before transferring them back to North Korea.
The primary objective of this operation was to circumvent U.S. sanctions and generate revenue for North Korea’s weapons program. The scheme was reportedly orchestrated by Sim Hyon Sop, a representative of North Korea’s Foreign Trade Bank, who was indicted in April 2023 for his involvement in similar activities. Sim collaborated with Kim Sang Man, the CEO of Chinyong, a state-affiliated IT firm operating under North Korea’s Ministry of Defense.
To conceal the illicit funds, the North Korean workers used various tactics such as creating fake accounts, splitting transactions into smaller amounts, utilizing token-swapping techniques, and investing in NFTs as a means of storing value. The funds navigated through a complex web of platforms and intermediaries before ultimately being funneled back to the North Korean government.
Matthew Galeotti, head of the DOJ’s Criminal Division, emphasized the North Korean government’s exploitation of the cryptocurrency ecosystem for illicit purposes and reiterated the department’s commitment to disrupting financial channels that support the regime’s activities.
In a related development, the FBI issued a warning regarding North Korean IT fraud perpetrated through the use of stolen American identities. The investigation revealed a widespread scheme targeting U.S. businesses by hiring North Korean workers posing as remote freelancers using stolen American identities. Assistant Director Roman Rozhavsky characterized this threat as sophisticated and urged companies to scrutinize their remote hiring practices.
The civil forfeiture complaint is part of a broader enforcement initiative launched in 2024 under the Department’s DPRK RevGen program, focusing on targeting North Korean operatives and their U.S.-based accomplices. The FBI’s Virtual Assets Unit and Chicago Field Office spearheaded the investigation, with support from cybercrime prosecutors and national security attorneys.
The objective of these enforcement actions is to sever North Korea’s ties to the global financial system and prevent the regime from leveraging cryptocurrency to evade U.S. sanctions. The government’s ongoing efforts underscore its commitment to combating illicit financial activities and safeguarding national security interests.