US Officials Seize $7.7M In Crypto From North Korean Hackers Posing As IT Freelancers

North Korean IT operatives secured remote jobs at tech firms under false identities, were paid in stablecoins, and used laundering methods to move the proceeds. The action is part of a broader U.S. effort under the DPRK RevGen initiative to disrupt revenue streams funding North Korea’s priorities.


Meghna Chowdhury
Meghna is a Journalism graduate with specialisation in Print Journalism. She is currently pursuing a Master's Degree in journalism and mass communication. With over 3.5 years of experience in the Web3 and cryptocurrency space, she is working as a Senior Crypto Journalist for UnoCrypto. She is dedicated to delivering quality journalism and informative insights in her field. Apart from business and finance articles, horror is her favourite genre.

The U.S. Department of Justice has filed a civil forfeiture complaint in the District Court for the District of Columbia. The complaint seeks to seize more than $7.7 million in cryptocurrency that was purportedly earned by North Korean IT workers impersonating international freelancers.

These workers funnelled their earnings back to the North Korean government, violating U.S. sanctions by using stolen or forged identities to secure jobs at blockchain and tech firms.

How the Scheme Worked

According to the complaint, North Korean operatives created false identities to land remote positions at blockchain development companies and other tech firms around the world. 

These IT workers often operated from countries like China and Russia. They were paid in stablecoins. By hiding their true locations and using fake documents, they avoided detection. After earning these digital funds, the workers laundered the money through a series of steps. 

They set up accounts with made-up identities, moved funds in small amounts, converted cryptocurrencies across different blockchains, and even purchased non-fungible tokens to mask the origin of the assets.

To give the impression that their transactions were authentic, they occasionally used accounts located in the United States.


Legal Actions and Sanctions

The funds were first frozen in connection with an April 2023 indictment against Sim Hyon Sop, a representative of the North Korean Foreign Trade Bank. The charges alleged that Sim conspired with these IT workers to amass millions in cryptocurrency. 

In May 2023, the Office of Foreign Assets Control added both Sim and Kim Sang Man, the CEO of a company called Chinyong, which operates under North Korea’s Ministry of Defence, to the Specially Designated Nationals list. 

On June 1, 2017, OFAC classified Chinyong as helping North Korea’s military programs. Using Kim as a middleman, Chinyong transfers money from its North Korean IT workers to Sim and other North Korean officials in nations like Russia and Laos.

Reactions from U.S. Officials 

“Our action shows the North Korean government’s use of cryptocurrency to fund illicit goals,” said Matthew R. Galeotti, head of the Justice Department’s Criminal Division. 

U.S. Attorney Jeanine Pirro for the District of Columbia warned that anyone who thinks they can profit from such schemes will be caught and prosecuted. 

Previous Efforts to Disrupt North Korean Revenue

In March 2024, the Justice Department launched the DPRK RevGen: Domestic Enabler Initiative, which includes the forfeiture action. The National Security Division and the FBI’s Cyber and Counterintelligence Divisions collaborate on this project. 

Since its launch, the U.S. has disrupted North Korean revenue streams in May 2024, August 2024, December 2024, and January 2025. These efforts have targeted U.S. persons facilitating remote IT work and their North Korean collaborators.

The latest forfeiture action underscores how North Korea continues to exploit the global cryptocurrency ecosystem and remote work to fund its government and military activities.

