U.S. Treasury cracks down on North Korean hackers and bankers behind $3 billion crypto heist scheme
The U.S. Treasury Department has sanctioned eight individuals and two entities tied to North Korea’s vast cybercrime operation that has stolen more than $3 billion in cryptocurrency over the past three years. The action targets those involved in laundering funds derived from cybercrime and IT worker fraud that directly finances North Korea’s weapons program.
“North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley. “By generating revenue for Pyongyang’s weapons development, these actors directly threaten U.S. and global security.”
Digital Deception: IT Workers in Disguise
How do North Korean operatives infiltrate legitimate businesses? By pretending to be someone else. Treasury officials revealed that North Korean IT workers operate globally using false identities to secure freelance programming jobs, generating hundreds of millions annually for the regime.
In some cases, these workers collaborate with foreign freelancers, splitting revenue from projects originally commissioned to external programmers. It’s a sophisticated scheme that’s proven difficult to detect, with North Korean workers often posing as legitimate job seekers from other countries.
Among those sanctioned are bankers Jang Kuk Chol and Ho Jong Son, who managed over $5.3 million in cryptocurrency on behalf of the previously designated First Credit Bank. Some of these funds have been linked to North Korean ransomware actors that targeted U.S. victims.
The Money Trail
The Korea Mangyongdae Computer Technology Company (KMCTC), led by president U Yong Su, operates IT worker cells in Chinese cities Shenyang and Dandong. The Treasury designated KMCTC for its role in North Korea’s IT industry, noting that the company uses Chinese nationals as banking proxies to mask the origin of funds.
These aren’t isolated operations. North Korea has constructed extensive financial networks including banking representatives, institutions, and shell companies throughout North Korea, China, and Russia to launder its illicit revenue.
The Ryujong Credit Bank, based in North Korea, has been identified as a key player facilitating sanctions evasion activities between China and North Korea, including money laundering and overseas worker transactions.
“Over the past three years, North Korean malware and social engineering schemes have diverted more than $3 billion, mostly in digital assets,” Treasury’s Office of Foreign Assets Control said, noting the sum is unmatched by any other foreign actor.
Cybercrime’s Nuclear Connection
What makes these digital heists particularly concerning? The direct line to North Korea’s weapons program.
The Treasury also sanctioned Ho Yong Chol, Han Hong Gil, Jong Sung Hyok, Choe Chun Pom, and Ri Jin Hyok for acting on behalf of North Korean banks connected to sanctions evasion. These individuals facilitated financial transactions worth millions in various currencies to support the country’s illicit activities.
This isn’t the first time cryptocurrency has been implicated in North Korea’s weapons financing. Last year, the Treasury sanctioned Roman Semenov, co-founder of the mixing service Tornado Cash, for providing material support to North Korea’s Lazarus Group hackers who used the service to launder hundreds of millions in stolen virtual currency.
Global Impact
The sanctions extend to blocking all property and interests of designated persons and entities, prohibiting transactions involving their property by U.S. persons or within the U.S. Financial institutions engaging in certain transactions with these entities may face sanctions or enforcement actions themselves.
“The DPRK’s malicious cyber activities and generation of revenue to fund its unlawful WMD and ballistic missile programs through cybercrime including cryptocurrency heists and overseas IT work pose a threat to our citizens, international security and the global digital economy,” Treasury officials stated.
For North Korea, desperate for hard currency amid crushing international sanctions, cybercrime has become a lifeline for a regime that sees nuclear weapons as its ultimate guarantee of survival. And for now, despite the Treasury’s actions, that digital heist operation shows little sign of slowing down.
