The U.S. Department of Justice (DOJ) has seized over $7.7 million in cryptocurrency connected to a scheme involving North Korea crypto sanctions evasion. This case reveals how North Korean IT operatives used fraudulent remote job setups and stolen American identities to bypass sanctions and funnel crypto to the regime.
Fake IDs Used to Evade Sanctions
Court documents filed in Washington, D.C. show that North Korean nationals posed as U.S. citizens to secure employment at American blockchain and tech companies. These agents passed KYC (Know Your Customer) checks using stolen or fake IDs.
Salaries were paid in stablecoins such as USDT and USDC, then covertly sent to North Korea to support its highly sanctioned military programs.
“This operation reflects an ongoing effort by the North Korean government to exploit the U.S. workforce and launder earnings in crypto,” said FBI Assistant Director Roman Rozhavsky.
Tactics Behind North Korea Crypto Sanctions Evasion
The actors involved in North Korea crypto sanctions evasion used advanced laundering techniques to mask financial flows:
- Chain-hopping across different blockchains
- Token swaps to obfuscate trails
- NFT purchases to hide large transactions
Funds moved through shell accounts and were ultimately routed to sanctioned individuals like Sim Hyon Sop and Kim Sang Man.
Chinyong IT’s Role in the Scheme
The Chinyong IT Cooperation Company, under North Korea’s Ministry of Defense, allegedly coordinated the IT operatives. CEO Kim Sang Man is believed to have served as a key intermediary between the agents and North Korea’s Foreign Trade Bank.
“For years, North Korea has misused crypto and global contracting systems. Our mission is to block these financial lifelines,” said Sue Bai of the DOJ’s National Security Division.
This takedown is part of the DPRK RevGen initiative, launched in 2024 to dismantle the regime’s digital funding operations.
North Korea’s Deeper Push into Crypto
The DOJ’s action against North Korea crypto sanctions evasion highlights growing concern over its reach in decentralized finance (DeFi). Blockchain expert ZachXBT warned that North Korea continues to use crypto platforms to launder stolen funds and fuel government operations.
Recent hacks linked to North Korean groups include:
- The Bybit breach by Lazarus Group
- DMM Bitcoin incident tied to TraderTraitor
- Cetus exploit, contributing to $244M in losses
These events prompted joint condemnation from the U.S., Japan, and South Korea.
New Incident: Kraken Blocks Hacker Attempt
A recent example of North Korea crypto sanctions evasion in action involved a hacker posing as a job seeker to infiltrate crypto exchange Kraken. The company’s security team thwarted the attempt, which involved forged documentation.
This incident reinforces the urgent need for companies to strengthen KYC, monitor hiring practices, and stay alert to state-backed threats.
Final Thoughts
The DOJ’s seizure of $7.7 million highlights the increasing sophistication of North Korea crypto sanctions evasion. Through fake identities, remote work fraud, and advanced crypto laundering, the regime continues to exploit global systems.
“We will halt your progress, strike back, and take hold of any proceeds you obtained illegally,” said U.S. Attorney Jeanine Ferris Pirro.
As the threat persists, international coordination and stronger private-sector vigilance will be essential.