The Justice Department on Thursday filed a civil complaint in Washington, D.C., to retrieve some $7.74 million allegedly pilfered by a North Korean IT worker scheme, adding another chapter to a storied history of DPRK efforts to steal money for its regime.
The funds were first restrained by the U.S. after being tied to Sim Hyon Sop, a North Korean Foreign Trade Bank representative who was indicted in 2023 after being accused of conspiring with IT workers to pilfer the money.
“For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems to evade U.S. sanctions and bankroll its weapons programs,” said Sue Bai, who heads the Justice Department’s National Security Division. “Today’s multimillion-dollar forfeiture action reflects the Department’s strategic focus on disrupting these illicit revenue schemes.”
Court documents say North Korea obtained stolen cryptocurrency, in part, through these remote worker schemes that have long been tracked by officials and private cybersecurity firms. The sham workers were able to obtain remote work by bypassing due diligence checks, and largely obtained work at blockchain development companies.
“These tactics hid the North Koreans’ true location and identities, causing unwitting employers to hire them and pay them a salary, often in stablecoins, such as USDC and USDT,” DOJ said in a Thursday statement.
North Korea’s munitions directorate is linked to its ballistic missile research program, which is reported to be frequently funded by covert cryptocurrency transactions. The nation has deployed shadow operatives across the globe who pose as legitimate technology workers, planting themselves inside firms to carry out long-haul schemes that fund Pyongyang’s nuclear weapons research.
The schemes have paid for some 50% of Pyongyang’s missile projects, according to public U.S. assessments. This week, OpenAI said it banned several accounts associated with “deceptive employment campaigns” likely tied to the regime.
“Some of the actors linked to these recent campaigns may have been employed as contractors by the core group of potential DPRK-linked threat actors to perform application tasks and operate hardware, including within the U.S.,” the AI company said.
“Allowing Kim Jong Un’s cronies to steal millions in cryptocurrency to fund the North Korean government’s schemes without consequences is unacceptable. We must tighten the leash on sanctions against North Korea and ensure safeguards on our digital asset ecosystem to prohibit malign activities by our adversaries,” Rep. Young Kim, R-Calif., told Nextgov/FCW.
Kim urged Congress to pass the CLARITY Act, which aims to set a regulatory framework for digital assets, arguing the bill “includes robust anti-money laundering and counter-terrorism financing measures to counter illicit finance.”
