DOJ Seizes $7.7 Million in Crypto Tied to North Korean Sanctions Evasion Scheme
North Korean IT workers posed as U.S. citizens to earn crypto through fraudulent employment, laundering funds back to Pyongyang
The Justice Department has filed a civil forfeiture complaint in federal court alleging North Korean IT workers used stolen identities to illegally gain employment with U.S. companies, earning millions in cryptocurrency that was funneled back to the North Korean government in violation of U.S. sanctions. Authorities have seized over $7.74 million linked to the scheme.
The funds were first flagged during a 2023 indictment of Sim Hyon Sop, a North Korean Foreign Trade Bank representative accused of conspiring with the IT workers. According to prosecutors, these workers were stationed in countries like China and Russia and used fake or stolen documentation to get hired, concealing their identities and earning pay in stablecoins such as USDC and USDT.
The complaint outlines how the funds were laundered using tactics like fake accounts, chain-hopping, NFT purchases, and the use of U.S.-based crypto platforms. The laundered crypto was ultimately routed back to the North Korean regime, at times through Sim and Kim Sang Man, the CEO of Chinyong, a company tied to North Korea’s Ministry of Defense and added to the U.S. sanctions list in 2023.
The forfeiture action follows multiple DOJ crackdowns under the “DPRK RevGen: Domestic Enabler Initiative,” a campaign launched in March 2024 targeting domestic and foreign collaborators in North Korea’s revenue generation network.
Federal prosecutors say the scheme highlights North Korea’s evolving abuse of the crypto and IT sectors to bankroll its weapons program. The FBI warned U.S. companies to stay alert for fraudulent remote worker schemes, issuing updated advisories through 2025.
Read the DOJ Press Release
 | A guest post by
|