US DOJ Charges Four North Koreans with $1 Million Crypto Theft
Reading Prerequisites:
  • The US and North Korea have been in a cyber war.
  • The U.S. government has been cracking down on cyber threats from North Korea.
  • US authorities believe the schemes extended beyond theft, potentially exposing politically sensitive data.

In what seems like an escalation of the U.S. government’s crackdown on cyber threats from North Korea, the Department of Justice (DOJ) announced criminal charges against four North Korean nationals accused of stealing nearly $1 million in cryptocurrency from blockchain startups in the United States and Serbia.

Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il are alleged to have posed as remote IT developers, using fake identities and stolen documents to conceal their North Korean citizenship and gain access to sensitive systems within targeted companies. 

The charges against the defendants include conspiracy to commit wire fraud and money laundering. They are believed to be operating under the protection of the North Korean government.

How did the scam happen? 

According to prosecutors, the scheme originated in 2019. Between late 2020 and mid-2021, the defendants reportedly secured employment at two blockchain companies based in Atlanta, Georgia, and another in Serbia. By posing as legitimate remote contractors, they embedded themselves into the core of their victims’ operations.

Once inside the companies’ systems, the defendants executed a two-stage theft, according to prosecutors.

In February 2022, Jong allegedly siphoned approximately $175,000 in cryptocurrency through unauthorized transactions. Just one month later, Kim exploited vulnerabilities in smart contract source code to steal an additional $740,000.

The stolen funds were then reportedly funneled through a complex laundering network. 

Investigators said the cryptocurrency was routed through mixing services and deposited into exchange accounts that Kang and Chang controlled via fraudulent Malaysian identities.

John A. Eisenberg, Assistant Attorney General for National Security, said the thefts were calculated and intended to fund the regime’s malicious activity.

“These thefts weren’t just opportunistic crimes. They were calculated operations designed to funnel money into the coffers of the North Korean regime,” he said.

“These funds support some of the regime’s most dangerous and destabilizing activities including weapons development.”

DOJ’s Broader Crackdown on North Korean Cyber Threats

The case is part of the DOJ’s DPRK RevGen: Domestic Enabler Initiative, launched in 2024 to target illicit revenue generation by North Korea and the U.S.-based individuals or businesses that may unwittingly facilitate it.

Recent investigations have revealed the staggering scale of North Korea’s cyber-enabled fraud operations.

US authorities believe the schemes extended beyond theft, potentially exposing sensitive data. Some operatives allegedly gained jobs with access to confidential military-related information.

In a separate but related probe, federal agents executed coordinated raids across 16 U.S. states, seizing approximately 30 financial accounts, over 200 computers, and more than 20 fraudulent websites used to disguise North Korean operatives as remote workers logging in from the United States.

A Warning to the Tech Industry

The Justice Department is urging companies, especially in the tech and blockchain sectors, to adopt more stringent hiring and security vetting practices. 

U.S. Attorney Theodore S. Hertzberg warned that such schemes exploit the rise of decentralized work environments and global hiring platforms.

“This is a unique threat that businesses hiring remote IT workers must take seriously,” he said.

Eisenberg added, “This case underscores the need for employers to be vigilant about who they’re hiring remotely.”

As the lines blur between digital workspaces and global geopolitics, the U.S. government appears committed to disrupting North Korea’s use of cybercrime to evade sanctions and fund its regime.

By admin