On June 5, 2025, the US Department of Justice (DOJ) filed a verified civil forfeiture complaint in the US District Court for the District of Columbia, aiming to forfeit over $7.7 million in cryptocurrency, NFTs, and digital assets allegedly linked to a global laundering scheme directed by North Korea. Here are the details of the case:
Modus Operandi of North Korean Hackers
False Identity Employment: North Korean IT workers used falsified identities to get jobs at US and foreign tech firms, especially in the blockchain and decentralized finance sectors. They took on roles such as software development, smart contract engineering, and blockchain infrastructure. They hid their North Korean origin using virtual private networks, stolen or forged identity documents, and obfuscation techniques. Employers paid them in stablecoins like USDC and USDT, unaware of the deception.
Fund Laundering: After receiving payment, the IT workers transferred the funds through self-custodied wallets, centralized exchanges, and alternate chains. They fragmented transfers, used privacy-enhancing technologies, and converted to fiat currency through over-the-counter brokers. The funds were ultimately funneled to the North Korean regime, with some going to Sim Hyon Sop, a representative of North Korea’s sanctioned Foreign Trade Bank, and Kim Sang Man, CEO of an IT company subordinate to North Korea’s Ministry of Defense.
Related Criminal Activities: The funds obtained by North Korean hackers include those from exchange hacks, such as the $1.5 billion Bybit exploit on February 21, 2025, attributed to the Lazarus Group. In recent years, North Korea has increasingly shifted to operations involving legitimate employment through deception. The use of IT workers as vectors for revenue generation has grown, accounting for a rising share of the regime’s crypto intake.
Assets Sought for Forfeiture: The DOJ is seeking the forfeiture of cryptocurrency assets including ETH, USDT, USDC, and altcoins, as well as high-value NFTs and Ethereum Name Service (ENS) domain names. Wallets associated with laundering flows were hosted across multiple exchanges and included unhosted addresses used to receive and pool fraud proceeds.
According to security experts, North Korea’s use of AI-generated personas and deepfake technology in such schemes is a growing threat, potentially generating hundreds of millions of dollars annually for the regime.