North Korea Charged With $1 Million Crypto Theft From Blockchain Startup

The Department of Justice (DOJ) has charged four North Korean nationals with wire fraud and money laundering, accusing them of stealing nearly $1 million in cryptocurrency from a blockchain startup. The suspects, identified as Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il, posed as remote IT developers using fake and stolen identities to conceal their North Korean citizenship.

According to the DOJ, the group initially operated from the United Arab Emirates in 2019 before securing jobs at an Atlanta-based blockchain startup and a Serbian virtual token company between late 2020 and mid-2021. The defendants submitted fraudulent documents, including stolen and fabricated IDs, to secure these positions. This tactic was described by US Attorney Theodore S. Hertzberg as a “unique threat” to businesses hiring remote IT workers.

Once inside the companies, the defendants used their privileged access to steal substantial sums. In February 2022, Jong siphoned approximately $175,000 in crypto. The following month, Kim exploited the source code of smart contracts to steal an additional $740,000. The stolen funds were then laundered through mixers and sent to exchange accounts controlled by Kang and Chang, all set up using fraudulent Malaysian IDs.

Assistant Attorney General for National Security John A. Eisenberg stated that these schemes are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs. The case is part of the DOJ’s DPRK RevGen: Domestic Enabler Initiative, a program launched in 2024 targeting North Korea’s illicit revenue streams and US-based enablers.

In a related incident, federal agents conducted coordinated raids across 16 states, seizing nearly 30 financial accounts, over 20 fraudulent websites, and roughly 200 computers from so-called “laptop farms” that enabled North Korean operatives to appear as though they were working from the US. The DOJ announced that the schemes involved North Korean IT workers posing as US citizens using stolen identities to gain jobs at over 100 American companies, funneling millions to Pyongyang and even accessing sensitive military data.

Last month, the DOJ filed a civil forfeiture complaint to seize $7.74 million in crypto allegedly earned by North Korean IT workers posing as remote blockchain contractors using fake identities. This incident highlights the growing threat of state-sponsored cybercrime and the need for enhanced cybersecurity measures, especially when dealing with remote employees and third-party contractors.

The DOJ's indictment underscores the increasing sophistication of cyber threats, particularly those emanating from state actors. The use of stolen credentials and the exploitation of remote work arrangements demonstrate the vulnerabilities that can be exploited in the digital age. This incident serves as a stark reminder for companies to enhance their cybersecurity measures, especially when dealing with remote employees and third-party contractors.

The case also sheds light on the broader issue of cryptocurrency theft, which has become a lucrative target for cybercriminals. The decentralized and often anonymous nature of cryptocurrencies makes them an attractive option for illicit activities. This incident underscores the need for robust security protocols and continuous monitoring to protect against such threats.

The DOJ's swift action in charging the suspects sends a clear message that cybercrime will not be tolerated, regardless of its origin. The indictment serves as a deterrent to other potential cybercriminals and emphasizes the importance of international cooperation in combating cyber threats. As the digital landscape continues to evolve, so too must the strategies and technologies used to protect against these ever-present dangers.