Millions of dollars in cryptocurrency, allegedly earned by North Korean IT workers using stolen U.S. identities, now sit frozen as part of a sweeping U.S. forfeiture action aimed at dismantling a sophisticated sanctions-evasion network.

The Department of Justice (DOJ) reportedly revealed this latest seizure as part of its ongoing efforts to disrupt illicit revenue streams that fund Pyongyang’s weapons development.

A Digital Trail of Deception

The civil forfeiture complaint, filed in the District of Columbia, alleges that North Korean nationals posed as remote IT contractors, working for companies in the United States and elsewhere.

Their goal was reportedly to generate hard-to-trace crypto income and quietly funnel it back to the regime in Pyongyang. By using fake identities and securing jobs at blockchain development firms, they built up a digital pipeline worth millions.

The funds, worth over $7.74 million, were initially frozen during an earlier case involving Sim Hyon Sop, an alleged Foreign Trade Bank representative working with these IT operatives. U.S. authorities claim Sim coordinated money flows between the workers and the North Korean government.


“This forfeiture action highlights, once again, the North Korean government’s exploitation of the cryptocurrency ecosystem to fund its illicit priorities,” said Matthew R. Galeotti, Head of the Justice Department’s Criminal Division.

“The Department will use every legal tool at its disposal to safeguard the cryptocurrency ecosystem and deny North Korea its ill-gotten gains in violation of U.S. sanctions,” he added.

According to the complaint, North Korean workers employed complex laundering techniques to obscure the funds' origins. These included using fictitious identities, “chain hopping” between blockchains, token swaps, and even purchasing NFTs to disguise value transfers.

Once disguised, the cryptocurrency was rerouted through intermediaries, including Sim and Kim Sang Man, the CEO of Chinyong (a North Korean IT company linked to the military).

FBI Unmasks North Korea’s Remote Workforce

The FBI, which led the investigation, revealed that North Korea deployed these operatives in countries including China, Russia, and Laos.

The workers used U.S.-based laptop farms and VPN obfuscation to hide their true locations. By assuming the identities of Americans, they duped U.S. companies into paying them in cryptocurrencies like USDC and USDT.

In a separate recent report, North Korean hackers reportedly established seemingly legitimate companies in the US to infiltrate the crypto sector, targeting unsuspecting developers through fake job offers.

According to a report by The Japan Times, the attackers used legal registrations, corporate fronts, and social engineering to conceal their true identities behind American business facades and deliver malware until the FBI stepped in.

The fake firms reportedly formed part of an advanced campaign by a subgroup of the Lazarus Group, a state-sponsored cyber unit linked to North Korea’s Reconnaissance General Bureau.