In its latest crackdown on North Korean IT worker schemes, the US Justice Department seizes over $7.74 million in cryptocurrency – all tied to one North Korean bank executive accused of laundering the funds for the communist regime.
DoJ officials say the millions in crypto were frozen in connection with a North Korean Foreign Trade Bank (FTB) representative, Sim Hyon Sop (Sim), charged back in April 2023 for facilitating two separate IT worker scams.
The illegally obtained cryptocurrency is generated through remote work done by North Korean IT workers deployed around the globe, including in China and Russia, the DoJ said.
The $7.74 million in illicit funds were seized by the feds, all before Kim Jong Il’s government was able to launder the crypto for its typical nefarious purposes.
“For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems to evade US sanctions and bankroll its weapons programs,” said Sue J. Bai, Head of the Justice Department’s National Security Division.
Department Files Civil Forfeiture Complaint Against Over $7.74M Laundered on Behalf of the North Korean Government
undefined U.S. Department of Justice (@TheJusticeDept) June 5, 2025
🔗: https://t.co/T6nh2ETMYY pic.twitter.com/o23HY6C6Zw
US blockchain companies targeted by scammers
Many of the fake workers were said to have direct communications with Sim and employed at various US companies, including at blockchain development firms, which would pay their salaries “often in stablecoins, such as USDC and USDT.”
The DoJ also revealed the scheme involved the use of stolen identification, allowing the IT workers to pose as American citizens to bypass HR security checks. The fake IT workers were also said to regularly use virtual private networks (VPNs) to hide their true location from both the hiring company and payroll facilitators.
Once the salaries began rolling in, Sim would set up US-based online accounts, also using fictitious identities, and begin moving the ill-gotten funds in small amounts to other blockchains or converting them to other forms of virtual currency – a tactic known as “chain hopping” or “token swapping.”
After laundering these funds, the North Korean IT workers reportedly would send the funds directly back to the Democratic People's Republic of Korea (DPRK) via Sim and at times through another North Korean national named Kim Sang Man, the CEO of a North Korean tech firm with ties to the communist government.
FBI investigators said the firm, “Chinyong,” also referred to as the “Jinyong IT Cooperation Company,” is a known subordinate to North Korea’s Ministry of Defense – and on the list of the US Treasury department’s list of Specially Designated Nationals (SDN) banned from doing business with US entities since 2017.
Thursday's forfeiture is part of FBI's “DPRK RevGen: Domestic Enabler Initiative” launched by the agency in March 2024.
As part of the law enforcement campaign, the DoJ indicted five suspects this January, accused of operating an overseas laptop farm used to trick at least 64 US companies into hiring the fake IT workers.
Several other busts have taken place, including Last August, accusing a Nashville man of running an IT worker laptop farm in Tennessee for years, reaping hundreds of thousands of dollars in fraudulent salaries to send to the DPRK.
A civil forfeiture action allows the US government to seize funds without actually making a physical arrest of any suspect.
Your email address will not be published. Required fields are markedmarked