![[Weekly funding roundup May 31-June 6] VC inflow continues to remain stable](https://images.yourstory.com/cs/2/220356402d6d11e9aa979329348d4c3e/WeeklyFundingRoundupNewLogo1-1739546168054.jpg)
DOJ Seizes $7.7 Million in Crypto from North Korean IT Workers Reportedly Using Stolen U.S. IDs
Millions of dollars in cryptocurrency, allegedly earned by North Korean IT workers using stolen U.S. identities, now sit frozen as part of a sweeping U.S. forfeiture action aimed at dismantling a sophisticated sanctions-evasion network. The Department of Justice (DOJ) revealed this latest seizure reportedly as part of its ongoing efforts to disrupt illicit revenue streams that fund Pyongyang’s weapons development.A Digital Trail of DeceptionThe civil forfeiture complaint, filed in the District of Columbia, alleges that North Korean nationals posed as remote IT contractors, working for companies in the United States and elsewhere. Their goal was reportedly to generate hard-to-trace crypto income to funnel back to the regime in Pyongyang quietly. By using fake identities and securing jobs in blockchain development firms, they built up a digital pipeline worth a million.The funds, worth over $7.74 million, were initially frozen during an earlier case involving Sim Hyon Sop, an alleged Foreign Trade Bank representative working with these IT operatives. U.S. authorities claim Sim coordinated money flows between the workers and the North Korean government.“This forfeiture action highlights, once again, the North Korean government’s exploitation of the cryptocurrency ecosystem to fund its illicit priorities,” said Matthew R. Galeotti, Head of the Justice Department’s Criminal Division. “The Department will use every legal tool at its disposal to safeguard the cryptocurrency ecosystem and deny North Korea its ill-gotten gains in violation of U.S. sanctions.”According to the complaint, North Korean workers employed complex laundering techniques to obscure the funds' origins. These included using fictitious identities, “chain hopping” between blockchains, token swaps, and even purchasing NFTs to disguise value transfers.Once disguised, the cryptocurrency was rerouted through intermediaries, including Sim and Kim Sang Man, the CEO of Chinyong (a North Korean IT company linked to the military). FBI Unmasks North Korea’s Remote WorkforceThe FBI, which led the investigation, revealed that North Korea deployed these operatives in countries including China, Russia, and Laos. The workers used U.S.-based laptop farms and VPN obfuscation to hide their true locations. By assuming the identities of Americans, they duped U.S. companies into paying them in cryptocurrencies like USDC and USDT.In recent advisories, the FBI warned of increasing sophistication in North Korea’s tactics. Updated alerts were issued in October 2023 and May 2024, warning of tactics such as data theft and extortion, alongside employment fraud.The forfeiture action is part of the broader DPRK RevGen: Domestic Enabler Initiative, launched in March 2024. The program targets both U.S.-based enablers and North Korean collaborators operating abroad. Recent actions under this initiative span from criminal indictments to asset seizures, with activity in May, August, and December 2024, as well as January 2025. This article was written by Jared Kirui at www.financemagnates.com.
Millions of dollars in cryptocurrency, allegedly earned by North Korean IT workers using stolen U.S. identities, now sit frozen as part of a sweeping U.S. forfeiture action aimed at dismantling a sophisticated sanctions-evasion network.
The Department of Justice (DOJ) revealed this latest seizure reportedly as part of its ongoing efforts to disrupt illicit revenue streams that fund Pyongyang’s weapons development.
A Digital Trail of Deception
The civil forfeiture complaint, filed in the District of Columbia, alleges that North Korean nationals posed as remote IT contractors, working for companies in the United States and elsewhere.
Their goal was reportedly to generate hard-to-trace crypto income to funnel back to the regime in Pyongyang quietly. By using fake identities and securing jobs in blockchain development firms, they built up a digital pipeline worth a million.
The funds, worth over $7.74 million, were initially frozen during an earlier case involving Sim Hyon Sop, an alleged Foreign Trade Bank representative working with these IT operatives. U.S. authorities claim Sim coordinated money flows between the workers and the North Korean government.
“This forfeiture action highlights, once again, the North Korean government’s exploitation of the cryptocurrency ecosystem to fund its illicit priorities,” said Matthew R. Galeotti, Head of the Justice Department’s Criminal Division.
“The Department will use every legal tool at its disposal to safeguard the cryptocurrency ecosystem and deny North Korea its ill-gotten gains in violation of U.S. sanctions.”
According to the complaint, North Korean workers employed complex laundering techniques to obscure the funds' origins. These included using fictitious identities, “chain hopping” between blockchains, token swaps, and even purchasing NFTs to disguise value transfers.
Once disguised, the cryptocurrency was rerouted through intermediaries, including Sim and Kim Sang Man, the CEO of Chinyong (a North Korean IT company linked to the military).
FBI Unmasks North Korea’s Remote Workforce
The FBI, which led the investigation, revealed that North Korea deployed these operatives in countries including China, Russia, and Laos.
The workers used U.S.-based laptop farms and VPN obfuscation to hide their true locations. By assuming the identities of Americans, they duped U.S. companies into paying them in cryptocurrencies like USDC and USDT.
In recent advisories, the FBI warned of increasing sophistication in North Korea’s tactics. Updated alerts were issued in October 2023 and May 2024, warning of tactics such as data theft and extortion, alongside employment fraud.
The forfeiture action is part of the broader DPRK RevGen: Domestic Enabler Initiative, launched in March 2024. The program targets both U.S.-based enablers and North Korean collaborators operating abroad.
Recent actions under this initiative span from criminal indictments to asset seizures, with activity in May, August, and December 2024, as well as January 2025. This article was written by Jared Kirui at www.financemagnates.com.
