U.S. prosecutors have unsealed indictments against four North Korean nationals accused of stealing nearly $1 million in cryptocurrency by masquerading as remote IT contractors.
According to the Justice Department, Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il posed as software developers to infiltrate a blockchain startup based in Atlanta, Georgia, as well as a Serbian crypto project.
Starting in 2019, the group operated out of the United Arab Emirates, eventually securing jobs at the targeted companies between late 2020 and mid-2021. Investigators said Kim and Jong used forged and stolen identity documents to conceal their nationality and pass company vetting procedures.
“This tactic represents a unique and dangerous threat to American businesses hiring remote workers,” U.S. Attorney Theodore S. Hertzberg said in Monday’s announcement.
Nearly $1 Million Stolen and Laundered Through Mixers
Once embedded in their roles, the defendants allegedly exploited their privileged access to misappropriate digital assets.
In February 2022, Jong reportedly drained $175,000 in crypto from company accounts. The following month, Kim leveraged control over smart contract source code to steal an additional $740,000.
Federal investigators traced the proceeds through crypto mixers and exchange accounts registered under fake Malaysian identities managed by Kang and Chang.
“These schemes are calculated to evade sanctions and directly finance the North Korean regime’s illicit activities, including weapons development,” said John A. Eisenberg, assistant attorney general for national security.
The charges are part of the DOJ’s DPRK RevGen: Domestic Enabler Initiative, an effort launched in 2024 to disrupt North Korea’s revenue pipelines and hold U.S.-based enablers accountable.
Nationwide Raids and Seizures Target North Korean Fraud Rings
The investigation forms just one part of a broader crackdown on North Korean cryptocurrency fraud.
Last week, federal agents carried out coordinated raids across 16 states, seizing nearly 30 financial accounts, 200 computers, and over 20 fraudulent websites that facilitated the scheme.
Authorities said the operation uncovered “laptop farms” set up to make it appear North Korean operatives were working from within the United States.
The DOJ further disclosed that these tactics have allowed Pyongyang’s agents to land jobs at more than 100 U.S. companies, funneling millions of dollars to North Korea’s coffers while, in some cases, accessing sensitive military-related data.
In a separate case last month, the Justice Department filed a civil forfeiture complaint to seize $7.74 million in crypto allegedly earned by North Korean IT operatives posing as remote blockchain developers.
Quick Facts
- Four North Koreans were charged with wire fraud and laundering nearly $1 million in crypto.
- The defendants posed as developers for U.S. and Serbian blockchain firms using fake IDs.
- The DOJ seized 200 computers and 30 financial accounts in coordinated raids.
- The operation is part of a broader initiative to dismantle North Korea’s crypto-financing networks.
