Stacy Pereira
The U.S. Department of Justice (DOJ) has filed a civil forfeiture complaint seeking to seize over $7.74 million that was allegedly laundered to benefit the North Korean government. The proceeds were laundered through a complex network of shell companies and cryptocurrency platforms by North Korean IT professionals, a press release dated June 5, 2025, stated.
The IT workers obtained illegal employment using stolen identities of American citizens and amassed millions in cryptocurrency to evade U.S. sanctions placed on North Korea. The funds were initially restrained by the DOJ in connection with an April 2023 indictment against Sim Hyon Sop (Sim), a North Korean Foreign Trade Bank (FTB) representative who was allegedly conspiring with the IT workers.
“Today’s multimillion-dollar forfeiture action reflects the Department’s strategic focus on disrupting these illicit revenue schemes. We will continue to use every legal tool available to cut off the financial lifelines that sustain the DPRK and its destabilizing agenda,” said Sue J. Bai, Head of the Justice Department’s National Security Division.
Newsletter
Get weekly updates on the newest crypto stories, case studies and tips right in your mailbox.
The Modus Operandi
According to the complaint, the North Korean government allegedly used illegally obtained cryptocurrency as a means of generating revenue. This illegally obtained cryptocurrency was allegedly generated, in part, through remote work done by North Korean IT workers deployed around the globe, including in the People’s Republic of China and the Russian Federation (Russia).
The North Korean IT workers got employed by allegedly bypassing security and due diligence checks using fraudulent (or fraudulently obtained) identification documents and other obfuscation strategies. These tactics, the DOJ noticed, helped hide the North Koreans’ true location and identities, causing unwitting employers to hire them and pay them a salary, often in stablecoins such as USDC and USDT.
Way back to North Korea
The Department of Justice has also outlined the various illegal methods and money laundering techniques that the IT workers used to send the proceeds back to North Korea. These techniques included:
(1) setting up accounts with fictitious identities
(2) moving funds in a series of small amounts
(3) moving funds to other blockchains or converting funds to other forms of virtual currency (i.e., “chain hopping” and “token swapping,” respectively)
(4) purchasing non-fungible tokens as a store of value and a means of hiding illicit funds
(5) using U.S.-based online accounts to legitimize activity
(6) commingling their fraud proceeds to hide the origin of the funds.
The DOJ’s move demonstrates a strong stance against the Democratic People’s Republic of Korea’s (DPRK) cyber-enabled financial crimes and serves as a warning to U.S. companies to strengthen vetting processes for remote workers. Authorities continue to investigate related cases in collaboration with international partners to further disrupt North Korea’s access to illegal financial networks.
