US Seeks Forfeiture of $7.7M in Crypto Linked to North Korean IT Workers

The United States Department of Justice (DOJ) has filed a civil forfeiture complaint seeking to seize approximately $7.74 million in cryptocurrency allegedly connected to a scheme involving North Korean IT workers.

According to a June 5 press release from the DOJ, the funds were earned by remote workers using falsified identities to gain employment at blockchain-related firms.

These individuals, operating on behalf of the North Korean government, reportedly used the crypto ecosystem to evade US sanctions and funnel illicit gains back to the Democratic People’s Republic of Korea (DPRK).

Remote Employment, Blockchain Firms, and Laundering Tactics

The frozen funds are tied to an ongoing investigation that began with an indictment in April 2023 against Sim Hyon Sop, a China-based representative of North Korea’s Foreign Trade Bank.

Sim is accused of working alongside North Korean IT professionals to launder proceeds through various tactics. US officials say the seized funds represent part of a broader effort by the North Korean government to use the global cryptocurrency infrastructure to generate revenue in defiance of international sanctions.

According to the DOJ complaint, the DPRK has increasingly deployed IT workers across jurisdictions including China and Russia, instructing them to find employment in the blockchain and tech sectors.

These workers allegedly bypassed know-your-customer (KYC) and due diligence procedures by using stolen or forged documents to disguise their identities and locations. Their work, often compensated in stablecoins such as USDC or USDT, generated income that was eventually laundered and routed back to North Korea.

To obscure the origin of the funds, the workers allegedly engaged in a variety of laundering techniques: opening accounts with fake identities, executing multiple small transfers, switching between blockchains (“chain hopping”), converting assets into different cryptocurrencies (“token swapping”), and even purchasing non-fungible tokens (NFTs) as stores of value.

The proceeds were reportedly moved through online US.-based platforms and commingled to avoid detection, before being transmitted to North Korean entities through intermediaries such as Sim and Kim Sang Man.

Global Coordination Targets Sanctions Evasion

Kim Sang Man, named in the DOJ filing, is alleged to be the CEO of Chinyong (also known as Jinyong IT Cooperation Company), which operates under North Korea’s Ministry of Defense.

Chinyong is sanctioned by the US Treasury Department and is reported to manage delegations of North Korean IT workers in countries such as Russia and Laos.

Kim’s role allegedly involved transmitting funds from the IT workers to Sim, thereby completing the cycle of crypto laundering back to the North Korean government.

The case represents a broader strategic focus by US agencies to disrupt illicit financing networks. Officials from the DOJ, FBI, and national security offices emphasized that targeting North Korea’s digital revenue streams is essential to enforcing sanctions and limiting funds available for military development.

US businesses were also advised to review remote hiring practices to detect potential obfuscation tactics that may be used by foreign actors.

Featured image created with DALL-E, Chart from TradingView