DOJ Targets $7.7M in Crypto Linked to North Korean IT Worker Fraud Scheme

North Korean IT workers used fake identities to earn crypto through U.S. tech jobs and bypass sanctions.

The DOJ is seizing $7.7 million in crypto that was funneled to North Korea through hidden online transactions.

Officials linked the scheme to known North Korean agents who used crypto tools to hide the money trail.

The U.S. Department of Justice (DOJ) has launched action to seize over $7.7 million in cryptocurrency. Officials say North Korean IT workers earned the funds by posing as foreign freelancers. They allegedly used stolen or fake identities to secure remote jobs at blockchain and tech firms.

The DOJ filed a civil forfeiture complaint in Washington, D.C., outlining how the scheme unfolded. The workers received cryptocurrency payments, mainly in stablecoins such as USDC and USDT. These funds were then funneled through a series of deceptive transactions to avoid detection.

North Korea's Sanctions Evasion Tactics

According to the complaint, the goal was to bypass U.S. sanctions and support North Korea’s weapons development programs. The workers reportedly used several methods to hide the origins of the payments. This included token-swapping, breaking transactions into smaller pieces, and opening accounts under false names.

Authorities say the operation links back to Sim Hyon Sop. He is a representative of North Korea’s Foreign Trade Bank and was indicted earlier for related crimes. Sim is believed to have worked closely with Kim Sang Man, who runs Chinyong, a North Korean IT firm. That company is reportedly tied to North Korea’s Ministry of Defense.

Crypto Payments Laundered Through Complex Channels

The DOJ says the workers moved money using a wide network of platforms, middlemen, and crypto tools. These methods helped disguise the origin of the payments before transferring them to North Korean authorities. The scheme also included the purchase of NFTs. These assets were used to store and shift funds anonymously.

Officials have confirmed that the operation allowed North Korea to access international financial markets indirectly. It enabled the regime to sidestep sanctions and use the crypto sector for revenue generation. The DOJ has stated its intent to pursue legal tools to recover the funds and block similar actions.

Wider Network of Fraud in the Crypto Sector

U.S. officials say this is part of a broader pattern of North Korean activity in the crypto world. North Korean workers have increasingly targeted blockchain firms across the globe. They pose as qualified developers and infiltrate companies with fake resumes and foreign identities.

A report from Google’s security team in April noted expanded targeting in Europe. This followed tighter enforcement in the United States. Experts say North Korea now builds fake companies in the U.S. to appear legitimate.

Investigators say these fake companies submit legal paperwork and adopt real business identities. They use social engineering to trick developers and deploy malware in systems before federal agencies intervene.