North Korea Loses $7.74 Million in USDC Seized by DOJ

The US Department of Justice has taken a significant step in combating state-sponsored cybercrime by seizing $7.74 million in USDC linked to an alleged North Korean laundering scheme. This action is part of a broader effort to disrupt North Korea’s illicit financial activities, which have been used to fund its weapons development programs.

North Korean IT operatives have been exploiting stolen American identities to secure remote employment with US blockchain and technology firms. These operatives receive salaries in stablecoins such as USDC and USDT, which are then covertly transferred back to North Korea through complex laundering mechanisms. The FBI investigation revealed that these operatives bypassed stringent Know Your Customer (KYC) checks by using fraudulent or stolen identification documents, allowing them to gain access to remote roles via job platforms and intermediaries based in the United States.

The primary objective of these operations is to generate cryptocurrency revenue to sustain North Korea’s heavily sanctioned weapons development programs. Assistant Director Roman Rozhavsky of the FBI Counterintelligence Division emphasized the scale of the deception, stating that North Korean IT workers have been defrauding US businesses by obtaining employment using the stolen identities of American citizens. This allows the North Korean government to evade US sanctions and generate revenue for its authoritarian regime.

Once the cryptocurrency was obtained, the operatives employed sophisticated laundering strategies, including “chain hopping” — the practice of moving assets across multiple blockchains to obscure their origin. Additional tactics involved token swapping and purchasing NFTs to further complicate tracking efforts. The laundered funds were funneled through shellSHEL-- accounts before reaching senior North Korean officials, including individuals sanctioned by the US Treasury such as Sim Hyon Sop and Kim SangSANG-- Man.

These operations were reportedly coordinated through the Chinyong IT Cooperation Company, a front organization subordinate to North Korea’s Ministry of Defense. The DOJ filing highlights Kim Sang Man’s role as an intermediary between the operatives and North Korea’s Foreign Trade Bank, facilitating the transfer of illicit crypto proceeds.

In a notable incident, Kraken’s security team intercepted a North Korean hacker posing as a legitimate job candidate using forged credentials, underscoring the regime’s persistent attempts to infiltrate US-based crypto firms. This event aligns with broader patterns of cyber intrusions linked to North Korea, including the Bybit breach and the DMM Bitcoin hack, both attributed to North Korean hacker groups Lazarus and TraderTraitor respectively.

The DOJ’s ongoing efforts form part of the DPRK RevGen initiative, launched in 2024 to dismantle North Korea’s cyber-financial infrastructure. This initiative has led to multiple indictments, asset seizures, and enhanced sanctions enforcement targeting the regime’s illicit crypto activities. Sue Bai of the DOJ’s National Security Division stated, “For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems. We will continue to cut off the financial lifelines that sustain the DPRK and its destabilizing agenda.”

The United States, Japan, and South Korea have jointly condemned North Korea’s illicit use of cryptocurrency, emphasizing its detrimental impact on international security. US Attorney Jeanine Ferris Pirro declared, “Crime may pay in other countries but that’s not how it works here…We will halt your progress, strike back, and take hold of any proceeds you obtained illegally.”

Blockchain investigators, including ZachXBT, have raised alarms about North Korea’s pervasive presence in crypto and decentralized finance (DeFi) ecosystems, linking recent multi-million dollar thefts to the regime. These developments highlight the urgent need for enhanced cybersecurity measures and international cooperation to counteract North Korea’s evolving crypto-financial threats.

The DOJ’s seizure of $7.74 million laundered by North Korean operatives marks a significant milestone in the fight against state-sponsored cybercrime and illicit cryptocurrency use. By exposing the sophisticated methods used to infiltrate US blockchain firms and launder crypto earnings, authorities are disrupting critical funding channels for North Korea’s weapons programs. Continued vigilance, robust KYC enforcement, and international collaboration remain essential to curtailing these threats and safeguarding the integrity of the global crypto ecosystem.