North Korean Hackers Charged for $1 Million Crypto Theft

The U.S. Department of Justice has charged four North Korean nationals for their involvement in a sophisticated cryptocurrency theft scheme, resulting in the loss of nearly $1 million from American and international blockchain companies. The indictment, released on Monday, June 30, details how the suspects, identified as Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il, posed as remote IT workers to gain access to sensitive systems and drain crypto wallets. This operation is believed to be part of a broader effort to fund the North Korean regime.

The defendants allegedly used fake identities and stolen personal information to secure positions at a blockchain R&D firm in Atlanta and a Serbian virtual token company. Once hired, Kim and Jong were granted access to virtual asset systems. Jong is accused of stealing approximately $175,000 in February 2022, while Kim modified the employer’s smart contract source code to take an additional $740,000 a month later. The stolen funds were then laundered using crypto mixers and sent through exchange accounts opened with fake Malaysian IDs, which were allegedly controlled by Kang and Chang.

This incident highlights a growing trend of North Korean hackers employing cyber tactics to evade sanctions and steal from unsuspecting companies. Crypto security experts have raised concerns about this trend, noting that DPRK-linked developers are increasingly appearing in the crypto job market. These individuals use fake resumes to gain internal access and quietly drain funds from their employers.

The tactics employed by these North Korean IT workers are not new. They have a long-running presence in the crypto industry, often linked to some of the most significant and damaging thefts ever recorded. In April, it was reported that DPRK-linked IT workers have been infiltrating crypto and tech companies across several countries, using fake identities and forged references. These workers typically seek roles involving blockchain and smart contract development, positions that put them close to sensitive systems and assets.

Some of these IT contractors also act as front-line operators for state-sponsored hacking units like the Lazarus Group, which has been linked to high-profile crypto thefts. The Lazarus Group was behind the $600 million Ronin Bridge hack in 2022 and was also flagged for involvement in the $1.4 million Bybit attack earlier this year.

FBI special agent Paul Brown emphasized the agency's commitment to exposing these threats. "North Korean operatives used false identities to infiltrate companies and steal digital assets to fund their regime," he stated. The FBI remains dedicated to enforcing actions against these malicious actors, ensuring that such cybercrimes do not go unpunished.