The U.S. Department of Justice (DOJ) has initiated a civil forfeiture action aimed at reclaiming approximately $7.74 million in cryptocurrency believed to be associated with a scheme involving North Korean tech workers.
As highlighted in a June 5 press release, the assets are purportedly linked to remote employees who utilized fraudulent identities to secure jobs with various blockchain companies.
These individuals are said to operate under the direction of the North Korean government, using the cryptocurrency space to sidestep U.S. sanctions and channel illicit funds back to the Democratic People’s Republic of Korea (DPRK).
The Intersection of Remote Work, Blockchain, and Money Laundering
The case is part of an ongoing inquiry, which kicked off with an indictment in April 2023 targeting Sim Hyon Sop, a representative of North Korea’s Foreign Trade Bank based in China.
Sim faces allegations of collaborating with North Korean IT personnel to launder funds through a variety of mechanisms. According to U.S. authorities, these seized assets are integral to a broader North Korean strategy leveraging the global cryptocurrency framework for financial gain in contradiction to international sanctions.
The DOJ’s complaint indicates that the DPRK has increasingly utilized tech workers deployed across nations including China and Russia, instructing them to seek employment in the blockchain and technology sectors.
These workers reportedly managed to evade standard know-your-customer (KYC) practices and due diligence by employing stolen or fabricated documentation to mask their true identities and locations. Their compensation, often in stablecoins like USDC or USDT, subsequently flowed back to North Korea after a lengthy laundering process.
To further hide the origins of these funds, they allegedly executed several laundering strategies, such as:
- Creating accounts with fictitious identities
- Conducting numerous small-scale transfers
- Engaging in “chain hopping” across different blockchains
- Utilizing “token swapping” to convert assets into various cryptocurrencies
- Investing in non-fungible tokens (NFTs) as value storage mechanisms
Reportedly, these funds were transmitted through U.S.-based digital platforms and mixed to evade detection before reaching North Korean entities via intermediaries like Sim and Kim Sang Man.
International Cooperation Against Sanction Evasion Efforts
Kim Sang Man, mentioned in the DOJ complaint, is alleged to be the CEO of Chinyong, also recognized as Jinyong IT Cooperation Company, a company connected to North Korea’s Ministry of Defense.
Chinyong is under sanctions from the U.S. Treasury Department and is said to oversee delegations of North Korean IT professionals operating in nations such as Russia and Laos.
Kim is purported to facilitate the transfer of funds from these IT workers to Sim, thereby completing the cycle of cryptocurrency laundering and feeding back into the North Korean regime.
This case serves as a critical component of the U.S. government’s broader mission to dismantle networks financing illicit activities. Officials from the DOJ, FBI, and various national security divisions stressed the significance of targeting North Korea’s digital revenue streams to uphold sanctions and restrict funding for military advancements.
Moreover, U.S. businesses are being urged to scrutinize their remote hiring practices to detect potential deceptive tactics that may be leveraged by foreign actors.
Image generated using DALL-E; analytics chart courtesy of TradingView.
