$7.7M Laundered in Crypto Using Stolen US Identities by North Korean IT Workers

The US Department of Justice (DOJ) has seized more than $7.74 million linked to an alleged North Korean money laundering operation designed to bypass international sanctions.

The civil forfeiture action, filed in the US District Court for the District of Columbia, stems from an investigation into a sophisticated scheme in which North Korean IT operatives used stolen American identities to secure remote work with US-based blockchain and technology firms.

By posing as US citizens, these individuals exploited hiring platforms and intermediaries to obtain salaries—often paid in stablecoins like USDC and USDT—which were then laundered and funnelled back to support North Korea’s weapons development programme.

Assistant Director Roman Rozhavsky of the FBI Counterintelligence Division stated:

“The FBI’s investigation has revealed a massive campaign by North Korean IT workers to defraud U.S. businesses by obtaining employment using the stolen identities of American citizens. All so the North Korean government can evade US sanctions and generate revenue for its authoritarian regime.”

According to the FBI, the operatives bypassed Know-Your-Customer (KYC) protocols using forged or stolen IDs and employed a variety of laundering tactics, including chain hopping, token swapping, and even NFT purchases to obscure the origin of funds.

The digital assets were routed through shell accounts and ultimately traced to sanctioned senior regime officials, including Sim Hyon Sop and Kim Sang Man.

The DOJ’s action is part of the broader DPRK RevGen initiative, aimed at disrupting North Korea’s illicit cyber-financial networks.

The case underscores a growing threat to the crypto industry.

In a recent incident, Kraken’s security team reportedly identified and blocked a North Korean agent who had applied for a job using falsified credentials, seeking insider access to the exchange.

The attempted infiltration highlights the increasingly audacious lengths to which the regime’s IT proxies will go to compromise US platforms and redirect funds to Pyongyang.

Dark Web Busts, Exchange Hacks Expose Crypto Security Risks

The DOJ has revealed that North Korean IT operatives were working from China, Russia, and Laos under the guise of the Chinyong Information Technology Cooperation Company—a firm directly subordinate to North Korea’s Ministry of Defense.

At the center of the operation is Kim Sang Man, Chinyong’s CEO, who allegedly served as a key conduit between the IT workers and North Korea’s sanctioned Foreign Trade Bank, facilitating the laundering of illicit crypto earnings.

Sue Bai of the DOJ’s National Security Division noted:

“For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems. We will continue to cut off the financial lifelines that sustain the DPRK and its destabilizing agenda.”

This scheme is part of a broader campaign known as DPRK RevGen, launched in 2024 to dismantle North Korea’s cyber-financial infrastructure.

The initiative builds on a series of DOJ actions that include criminal indictments, asset seizures, and expanded sanctions enforcement targeting the regime’s crypto-fuelled revenue channels.

The urgency of these efforts is underscored by recent developments in the digital asset space.

In May alone, an estimated $244 million in crypto was lost—much of it linked to breaches like the Cetus exploit, which has been traced to North Korean actors.

The scope of the threat is growing.

Bybit recently suffered a breach attributed to the Lazarus Group, a well-known North Korean cybercrime organisation, while Japan’s DMM Bitcoin hack was tied to the regime-affiliated TraderTraitor group.

The escalating attacks have drawn condemnation from the US, Japan, and South Korea, which have jointly warned that North Korea’s abuse of cryptocurrency poses a serious threat to international security.

Blockchain investigator ZachXBT recently echoed that sentiment, warning that North Korea is everywhere in the crypto and DeFi ecosystem.

US Attorney Jeanine Ferris Pirro said:

“Crime may pay in other countries but that’s not how it works here…We will halt your progress, strike back, and take hold of any proceeds you obtained illegally.”