Four North Korean hackers exploited remote work to steal cryptocurrency from Western companies.
The U.S. Department of Justice charged Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il with fraud and money laundering for stealing nearly $1 million in crypto.
The scheme began in 2019 in the United Arab Emirates, where the group prepared fake documents and used stolen identities. Between late 2020 and mid-2021, they secured jobs at an Atlanta-based blockchain startup and a Serbian virtual token company.
Prosecutors confirmed that Kim and Jong submitted fabricated IDs, with Prosecutor Theodore S. Hertzberg noting this poses a “unique threat” to companies hiring remote IT workers.
Privileged access
After infiltrating internal systems, the defendants wasted no time. In February 2022, Jong stole about $175,000 in cryptocurrency. A month later, Kim exploited the source code of smart contracts to steal $740,000.
The stolen funds were then laundered through mixers and funneled into exchange accounts controlled by Kang and Chang. All accounts were created using fake Malaysian documents, apparently to add credibility to the scheme and evade detection.
“These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs,” said Assistant Attorney General for National Security John A. Eisenberg.
Operation laptop farms
The case was part of the Justice Department’s DPRK RevGen: Domestic Enabler Initiative, launched in 2024 to target North Korea’s illicit sources of income and their U.S. accomplices.
Federal agents conducted coordinated raids in 16 states, seizing more than 30 financial accounts, over 20 fraudulent websites, and nearly 200 computers from so-called “laptop farms.” These farms allowed North Korean operatives to create the appearance of operating from the United States.
North Korean remote IT workers’ evolving tactics to infiltrate organizations. Source: microsoft.com
On June 29, the Justice Department announced that the schemes involved North Korean IT workers posing as U.S. citizens and using stolen identities to get jobs at more than 100 U.S. companies. They funneled millions of dollars to Pyongyang and even gained access to classified military data.
North Korean hackers weaponized remote work, transforming digital globalization into a funding pipeline for the regime. While Western companies embraced remote flexibility, Kim Jong-un’s regime bankrolled its operations through seemingly legitimate employment.
Source: US Justice Department Charges Four North Koreans in $1M Crypto Heist