The Justice Department filed a civil forfeiture complaint on June 5, alleging that North Korean IT workers laundered more than $7.74 million in cryptocurrency to fund the country’s weapons program and evade U.S. sanctions.
According to court documents, the workers allegedly obtained remote jobs at blockchain and tech companies using fake identities and funneled the illegally earned cryptocurrency back to North Korea through a network of laundering techniques.
The funds were initially frozen in 2023 as part of a broader federal case targeting individuals and entities tied to North Korea’s Foreign Trade Bank.
Officials said the complaint is the latest effort to disrupt what they described as a long-running scheme by Pyongyang to exploit global crypto platforms and employment systems for profit.
“This forfeiture action highlights, once again, the North Korean government’s exploitation of the cryptocurrency ecosystem to fund its illicit priorities,” said Matthew Galeotti, head of the Justice Department’s Criminal Division. “The Department will use every legal tool at its disposal to safeguard the cryptocurrency ecosystem and deny North Korea its ill-gotten gains in violation of U.S. sanctions.”
The department said the IT workers operated from countries including China and Russia, using forged or stolen identification documents to secure employment. Their salaries—often paid in stablecoins such as USDC and USDT—were laundered through a mix of fake accounts, small-sum transfers, blockchain “chain hopping,” token swaps, NFT purchases, and U.S.-based platforms.
The scheme allegedly involved two North Korean nationals: Sim Hyon Sop, a Foreign Trade Bank official indicted in 2024, and Kim Sang Man, head of a North Korean IT company known as Chinyong. The company operates under North Korea’s Ministry of Defense and has been sanctioned by the Treasury Department since 2017. Both men were added to the Treasury’s Specially Designated Nationals list in 2023.
Jeanine Pirro, U.S. attorney for the District of Columbia, said foreign adversaries using criminal schemes to evade sanctions would be held accountable.
“Crime may pay in other countries, but that’s not how it works here,” she said. “Any adversary who thinks they can benefit, financially, from executing a criminal scheme—whether directly or through the use of surrogates—had better rethink this ‘get rich quick’ strategy.
“It doesn’t work for the average citizen, and it certainly does not have a more positive outcome for foreign entities. Sanctions are in place against North Korea for a reason, and we will diligently investigate and prosecute anyone who tries to evade them. We will halt your progress, strike back, and take hold of any proceeds you obtained illegally.”
The complaint stems from an investigation by the FBI’s Chicago Field Office and the bureau’s Virtual Assets Unit. Officials said the activity targeted in this case is part of a larger operation known as the DPRK RevGen: Domestic Enabler Initiative, which began in 2024 to disrupt revenue generation by North Korea and its global facilitators.
Roman Rozhavsky, assistant director of the FBI’s Counterintelligence Division, said the IT workers used stolen American identities to defraud companies and funnel money to North Korea.
“Today’s action shows the FBI will do everything in our power to protect Americans from being victimized by the North Korean government,” Rozhavsky said. “We ask all U.S. companies that employ remote workers to remain vigilant to this new and sophisticated threat.”
The FBI reiterated that U.S. businesses—especially those hiring remote tech workers—should closely screen for fraud and false identities, as North Korean operatives continue to target firms using stolen U.S. documents and credentials.
The Justice Department said that the June 5 forfeiture complaint builds on previous enforcement actions in 2024 and early 2025 targeting cryptocurrency theft, money laundering, and unauthorized IT contracting linked to North Korea.