DOJ charges 4 North Koreans in $1M crypto theft from blockchain startup

Four North Korean nationals were charged in the state of Georgia with wire fraud and money laundering after posing as remote IT workers at US and Serbian blockchain companies and stealing almost $1 million in crypto, prosecutors said Monday.

According to the US Department of Justice (DOJ), Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju and Chang Nam Il posed as remote IT developers using fake and stolen identities to conceal their North Korean citizenship.

The group initially operated from the United Arab Emirates in 2019 before securing jobs at an Atlanta-based blockchain startup and a Serbian virtual token company between late 2020 and mid-2021.

Prosecutors said Kim and Jong submitted fraudulent documents, including stolen and fabricated IDs, to secure their positions, a tactic US Attorney Theodore S. Hertzberg called a “unique threat” to businesses hiring remote IT workers.

Related: North Korea targets crypto workers with new info-stealing malware

Four North Koreans steal $915,000 in crypto

Once inside, the defendants used their privileged access to steal substantial sums. In February 2022, Jong siphoned about $175,000 in crypto. The following month, Kim exploited the source code of smart contracts to steal $740,000.

The stolen funds were then laundered through mixers and sent to exchange accounts controlled by Kang and Chang, all set up using fraudulent Malaysian IDs, investigators said.

“These schemes target and steal from US companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs,” said John A. Eisenberg, assistant attorney general for national security.

The case was part of the DOJ’s DPRK RevGen: Domestic Enabler Initiative, a program launched in 2024 targeting North Korea’s illicit revenue streams and US-based enablers.

Related: North Korean hackers set up 3 shell companies to scam crypto devs

DOJ cracks down on North Korean crypto fraud

In another incident, federal agents also conducted coordinated raids across 16 states, seizing almost 30 financial accounts, over 20 fraudulent websites and about 200 computers from so-called “laptop farms” that enabled North Korean operatives to appear as though they were working from the US.

The DOJ announced Sunday that the schemes involved North Korean IT workers posing as US citizens, using stolen identities to gain jobs at over 100 American companies, funneling millions to Pyongyang and even accessing sensitive military data.

Last month, the DOJ filed a civil forfeiture complaint to seize $7.74 million in crypto allegedly earned by North Korean IT workers posing as remote blockchain contractors by using fake identities.

Magazine: North Korea crypto hackers tap ChatGPT, Malaysia road money siphoned: Asia Express