Justice Department moves to confiscate $7.7 million of allegedly stolen crypto as North Korean IT workers infiltrate U.S. companies
The funds were initially frozen in connection with a 2023 indictment of an alleged North Korean agent.
The U.S. Department of Justice (DOJ) wants to confiscate $7.7 million worth of cryptocurrency seized in connection with an alleged scheme to launder money on behalf of the North Korean government.
The DOJ filed a civil forfeiture complaint—a type of civil lawsuit in which the government tries to seize property that it says is linked to criminal activities—on Thursday. The complaint alleges that “North Korean IT workers obtained illegal employment and amassed millions in cryptocurrency for the benefit of the North Korean government,” the agency said.
The millions of dollars worth of crypto were initially frozen in connection to an April 2023 indictment against a man named Sim Hyon Sop, the DOJ said. In that indictment, the government alleged that Sim, a North Korean Foreign Trade Bank representative based in the United Arab Emirates, conspired with North Korean IT workers to launder the ill-gotten funds.
Sim was charged with conspiracy to launder monetary instruments in 2023 in connection to his relationship with the alleged North Korean IT workers, according to court documents.
While the statement does not specify where the IT workers associated with Sim were employed, the DOJ alleges that the workers flew under the radar by bypassing “security and due diligence checks using fraudulent (or fraudulently obtained) identification documents.” Once hired, the workers would allegedly receive a salary—often in stablecoins like USDC or USDT—and send the funds back to North Korea via Sim or another North Korean national.
The DOJ identified the alleged conspiracy as part of a growing effort by the North Korean government to have its citizens pose as remote IT workers in foreign countries, according to the statement. The scheme is an attempt by the North Korean government to prop up its economy in the face of sanctions, the agency said.
“For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems to evade U.S. sanctions and bankroll its weapons programs,” Sue J. Bai, head of the DOJ’s national security division, said in a statement.
Identifying a North Korean IT worker
The alleged conspiracy comes amid other incidents of North Korean IT workers attempting to infiltrate companies in the U.S. and abroad. The United Nations estimates that the scheme has generated between $250 million to $600 million annually since 2018.
Most recently, Kraken, a U.S.-based crypto exchange, caught a North Korean agent applying for a job as a software engineer. The company’s security team was able to identify the applicant as a North Korean agent early in the hiring process because his email showed up on a list of those suspected to be a part of a hacker group.
However, instead of tossing the application, Kraken’s chief security officer Nick Percoco decided to interview the agent to learn more about North Korea’s infiltration tactics. Percoco found that, while AI may make it easy to fake technical skills, it is hard to feign a sufficient level of cultural understanding.
For instance, Percoco said that while the applicant had claimed to have gone to New York University and was living in Houston, he fumbled when asked about his favorite restaurant and knew nothing about the American tradition of trick-or-treating on Halloween.
“We said this is going to be a get-to-know-you, sort of, cultural interview,” Percoco previously told Fortune. “That’s where he really failed.”
This story was originally featured on Fortune.com
