The U.S. Department of Justice (DOJ) has moved to confiscate $7.74 million in cryptocurrency tied to a covert network of North Korean hackers who posed as freelance IT workers to infiltrate U.S. firms. Court documents reveal these operatives used fake identities, AI-generated personas, and sophisticated laundering tactics to funnel money back to Pyongyang, directly violating international sanctions.
According to the DOJ’s forfeiture complaint, North Korean hackers secured remote jobs at U.S. blockchain companies by assuming stolen or fabricated identities. Paid in stablecoins like USDC and Tether, they laundered earnings through a web of crypto exchanges, NFT purchases, and mixers before transferring funds to government-linked intermediaries.
“This was not just freelance work—it was a state-sponsored payroll,” said Sue J. Bai, head of the DOJ’s National Security Division. “North Korean hackers systematically defrauded American businesses to bankroll missile programs and bypass sanctions.”
The scheme allegedly involved:
Sim Hyon Sop, a North Korean Foreign Trade Bank official indicted in 2023 for conspiring with IT workers.
Kim Sang Man, a CEO tied to Pyongyang’s Ministry of Defense, who facilitated fund transfers.
Investigators warn that North Korean hackers are increasingly leveraging AI-generated resumes, deepfake interviews, and fake portfolios to appear legitimate. The DOJ noted operatives were stationed in China, Russia, and Laos, with accomplices in the U.S. and UK helping them bypass employment checks.
“They’re not just hacking systems; they’re hacking hiring processes,” said Roman Rozhavsky of the FBI’s Counterintelligence Division.
Security firm Chainalysis estimates such operations have netted Pyongyang hundreds of millions annually, with one 2023 case alone involving $88 million in illicit earnings.
The revelation comes as G7 nations prepare to discuss North Korea’s crypto hacking operations at an upcoming summit. A Bloomberg report suggests leaders will push for stricter KYC (Know Your Customer) rules on crypto payroll systems and freelance platforms.
Meanwhile, Google’s Threat Intelligence Group confirmed North Korean hackers have expanded beyond the U.S., embedding in European blockchain startups, including Solana-based projects in Germany and Serbia.
Sanctions evasion: The scheme directly funds North Korea’s weapons programs.
Corporate vulnerability: Fake IT workers have already infiltrated critical infrastructure.
AI arms race: Generative tools make fraud harder to detect.
As Andrew Fierman of Chainalysis warned, “North Korean hackers are perfecting the art of hiding in plain sight. Every unverified remote hire could be a liability.”
Olivia Jackson is a US-based cryptocurrency writer and market analyst with a passion for decoding the complexities of blockchain technology and digital assets. With over five years of experience covering the crypto space, she specializes in breaking down market trends, regulatory developments, and emerging Web3 innovations for both retail and institutional audiences. Her work has appeared in leading finance and tech publications, including CoinDesk, Decrypt, and The Block, where she provides data-driven insights on Bitcoin, DeFi, and the evolving regulatory landscape. Olivia is particularly interested in the intersection of traditional finance and decentralized systems, often exploring how macroeconomic shifts impact crypto markets.