A complex fraud operation involving North Korean nationals has exploited remote IT jobs at American and international blockchain firms, stealing nearly $1 million in cryptocurrency and exposing sensitive company data.
The US Department of Justice (DOJ) revealed new charges against four North Korean suspects accused of posing as remote IT workers, using stolen and fake identities to infiltrate companies in the US and Serbia.
Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il operated covertly, initially from the UAE in 2019, before securing remote IT positions at an Atlanta blockchain startup and a Serbian virtual token firm.
To hide their true nationality, they used falsified documents and stolen IDs, a method described by US Attorney Theodore S. Hertzberg as a “unique threat” to businesses that hire remote IT contractors without thorough verification.
Once inside these companies, the defendants abused their privileged access: Jong siphoned around $175,000 in cryptocurrency in early 2022, while Kim exploited smart contract source code to steal roughly $740,000 the following month.
The stolen funds were laundered using mixers and routed through exchange accounts created with fake Malaysian IDs, authorities said.
The operation extended beyond the North Korean nationals.
US citizens Zhenxing “Danny” Wang and Kejia Wang, both from New Jersey, were indicted for helping the North Koreans by managing “laptop farms” — setups where devices belonging to legitimate US companies were housed, allowing overseas workers to appear as if they were working stateside.
The facilitators created shell companies, fake websites, and financial accounts to legitimise the scheme and funnel payments overseas.
According to the DOJ, the Wang duo and four other US residents earned nearly $700,000 in fees while assisting the operation, which also involved several Chinese and Taiwanese nationals.
This group helped compromise the identities of over 80 US citizens, enabling North Koreans to work at more than 100 American companies, including some Fortune 500 firms.
The resulting legal fees and remediation have cost victims at least $3 million.
Beyond theft, the North Korean workers accessed sensitive employer data and source code, including materials restricted under International Traffic in Arms Regulations (ITAR).
One notable target was a California-based defence contractor developing AI-powered military technology.
The DOJ highlighted that an active-duty US military member with a Secret security clearance was involved in facilitating the operation, revealing the broad national security risks.
In response, authorities have conducted multiple raids across the country, seizing laptops, servers, websites, and financial accounts linked to the scheme.
In October 2024 alone, searches at eight sites in three states uncovered more than 70 devices, with additional raids in mid-2025 resulting in the confiscation of nearly 150 laptops from “laptop farms” in 14 states.
Laptop farms are physical locations where laptops owned by US companies are kept and remotely accessed by overseas workers.
This setup enables North Koreans to bypass geographic restrictions and appear as legitimate US employees.
FBI Assistant Director Roman Rozhavsky warned that hosting such farms may unintentionally aid North Korea’s illicit schemes and urged companies to scrutinise their remote workforce carefully.
The DOJ’s Domestic Enabler Initiative focuses on disrupting these revenue streams that support North Korea’s sanctioned weapons programmes.
The recent coordinated crackdown includes three indictments, one arrest, and the shutdown of 21 websites connected to the fraud network.
Zhenxing Wang faces five criminal counts after being apprehended in New Jersey, while others remain at large.
Roman Rozhavsky said,
“The FBI will do everything in our power to defend the homeland and protect Americans from being victimised by the North Korean government.”
The DOJ also emphasises that investigations are ongoing and further enforcement actions are expected.
This case raises pressing questions about the vulnerabilities of remote work models, especially when access to sensitive data and systems crosses borders.
The balance between flexible hiring and national security appears increasingly fragile as bad actors exploit identity theft and technology loopholes.
As companies expand remote teams globally, the challenge remains: how to prevent malicious foreign interference without stifling the benefits of remote talent?
Mr Beast removed an AI thumbnail tool after backlash from YouTubers who said it copied their styles and used their work without permission. He replaced it with a feature that lets users hire real thumbnail artists instead.
AnaisIran’s biggest crypto exchange, Nobitex, was hit by a major cyberattack linked to an Israeli hacker group, causing losses of around \$90 million and major service disruption. The platform is now restoring wallets in phases with stricter ID checks, while facing growing pressure from regulators and users.
AnaisNorth Korea-linked hackers stole $3.2 million in crypto from Solana wallets and moved the funds to Ethereum. They laundered nearly $2 million using Tornado Cash, with over $1 million still sitting in an Ethereum wallet.
AnaisA new report shows that 27% of South Koreans aged 20 to 50 now own crypto, with many white-collar workers using it for savings and retirement planning. As investing habits shift from hype to strategy, banking limits and economic pressure are shaping how people use digital assets.
WeatherlyA Russian influencer known as “Bitmama” was sentenced to seven years in prison for scamming investors out of $23 million in a fake Bitcoin investment scheme. She promised to convert cash into crypto abroad but instead kept the money, and tried to flee before being arrested at the border.
AnaisJapanese firm Metaplanet bought 1,005 Bitcoin for $108 million, becoming one of the top corporate Bitcoin holders. The company plans to grow its Bitcoin holdings significantly by 2027, using interest-free bonds to fund purchases.
WeatherlyCircle has applied for a national trust bank licence in the US to launch a fully regulated digital currency bank that will manage USDC reserves and offer asset custody to institutions. This move follows its $18 billion IPO and shows its shift toward stricter compliance and deeper ties with traditional finance.
AnaisMeta has created a new AI division called Meta Superintelligence Labs and hired top researchers from OpenAI, Google DeepMind, and Anthropic. The move has sparked tensions in the industry, with reports of massive bonuses and concerns about a growing talent war.
WeatherlyJD.com has denied launching any stablecoin or forming partnerships linked to one, warning the public about scams using its name. The company said it may take legal action against those spreading false claims, especially as fraudsters push fake investment schemes online.
AnaisNorth Korean nationals used fake identities to get remote IT jobs at US blockchain firms, stealing nearly $1 million in crypto and accessing sensitive data. The scheme involved US and Asian facilitators, with the DOJ cracking down through arrests, raids, and website shutdowns.
Weatherly