U.S. DOJ Charges North Korean “Freelancers” in $1 Million Crypto Theft
The U.S. Department of Justice has charged four North Korean nationals with fraud and money laundering involving nearly $1 million in stolen cryptocurrency. According to officials, the individuals used fake identities to conceal their ties to North Korea and gained remote employment as IT specialists in Western companies, laundering the stolen funds through crypto mixers.
The DOJ reports that the suspects operated out of the UAE. Two of them altered their names and concealed their citizenship to get hired by a U.S. blockchain firm and a Serbian crypto project. Authorities allege that these companies would never have hired them had their true identities been known.
Once inside, the North Koreans gained access to the companies’ crypto assets and manipulated smart contract code to steal around $915,000. They laundered the stolen crypto through mixers, eventually transferring the funds to wallets controlled by the other two defendants, who had registered accounts using fraudulent Malaysian documents.
According to prosecutors and the FBI, North Korea deploys thousands of IT specialists globally, embedding them in cryptocurrency companies to steal digital assets. Blockchain investigator ZachXBT confirmed that North Korean hackers primarily use the USDC stablecoin (issued by Circle) for fund transfers.
ZachXBT criticized Circle for failing to act despite claiming strong compliance practices. He stated he could provide direct evidence of illegal transactions but said that “no one cares” in what he calls the “criminal supercycle”, where oversight is minimal and profits take priority over security.
In late June, ZachXBT reported detecting regular payments to North Korean freelancers from multiple crypto projects and announced plans to publish detailed statistics. He emphasized that the scale of the issue is severely underestimated, and basic hiring checks could prevent such breaches.
He also linked suspected North Korean hackers to attacks on crypto projects associated with artist Matt Furie, creator of the famous meme character Pepe the Frog. The IT hires gained access to smart contracts and manipulated them to extract funds, with total losses exceeding $1 million.
In a related scheme revealed in April, North Korean operatives registered fake companies in the U.S. to distribute malware to crypto developers during fake job interviews. The objective was to gain access to candidates’ crypto wallets and credentials, eventually compromising the infrastructure of the crypto firms they were connected to.
The U.S. Department of Justice has charged four North Korean nationals with fraud and money laundering involving nearly $1 million in stolen cryptocurrency. According to officials, the individuals used fake identities to conceal their ties to North Korea and gained remote employment as IT specialists in Western companies, laundering the stolen funds through crypto mixers.
The DOJ reports that the suspects operated out of the UAE. Two of them altered their names and concealed their citizenship to get hired by a U.S. blockchain firm and a Serbian crypto project. Authorities allege that these companies would never have hired them had their true identities been known.
Once inside, the North Koreans gained access to the companies’ crypto assets and manipulated smart contract code to steal around $915,000. They laundered the stolen crypto through mixers, eventually transferring the funds to wallets controlled by the other two defendants, who had registered accounts using fraudulent Malaysian documents.
According to prosecutors and the FBI, North Korea deploys thousands of IT specialists globally, embedding them in cryptocurrency companies to steal digital assets. Blockchain investigator ZachXBT confirmed that North Korean hackers primarily use the USDC stablecoin (issued by Circle) for fund transfers.
ZachXBT criticized Circle for failing to act despite claiming strong compliance practices. He stated he could provide direct evidence of illegal transactions but said that “no one cares” in what he calls the “criminal supercycle”, where oversight is minimal and profits take priority over security.
In late June, ZachXBT reported detecting regular payments to North Korean freelancers from multiple crypto projects and announced plans to publish detailed statistics. He emphasized that the scale of the issue is severely underestimated, and basic hiring checks could prevent such breaches.
He also linked suspected North Korean hackers to attacks on crypto projects associated with artist Matt Furie, creator of the famous meme character Pepe the Frog. The IT hires gained access to smart contracts and manipulated them to extract funds, with total losses exceeding $1 million.
In a related scheme revealed in April, North Korean operatives registered fake companies in the U.S. to distribute malware to crypto developers during fake job interviews. The objective was to gain access to candidates’ crypto wallets and credentials, eventually compromising the infrastructure of the crypto firms they were connected to.
