US Justice Department Charges Four North Koreans in $1M Crypto Heist

By Emir Abyazov

Four North Korean hackers exploited remote work to steal cryptocurrency from Western companies. 

Image Source: FBI

The U.S. Department of Justice charged Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il with fraud and money laundering for stealing nearly $1 million in crypto.

The scheme began in 2019 in the United Arab Emirates, where the group prepared fake documents and used stolen identities. Between late 2020 and mid-2021, they secured jobs at an Atlanta-based blockchain startup and a Serbian virtual token company.

Prosecutors confirmed that Kim and Jong submitted fabricated IDs, with Prosecutor Theodore S. Hertzberg noting this poses a “unique threat” to companies hiring remote IT workers.

Privileged access

After infiltrating internal systems, the defendants wasted no time. In February 2022, Jong stole about $175,000 in cryptocurrency. A month later, Kim exploited the source code of smart contracts to steal $740,000.

The stolen funds were then laundered through mixers and funneled into exchange accounts controlled by Kang and Chang. All accounts were created using fake Malaysian documents, apparently to add credibility to the scheme and evade detection.

“These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs,” said Assistant Attorney General for National Security John A. Eisenberg.

Operation laptop farms

The case was part of the Justice Department’s DPRK RevGen: Domestic Enabler Initiative, launched in 2024 to target North Korea’s illicit sources of income and their U.S. accomplices.

Federal agents conducted coordinated raids in 16 states, seizing more than 30 financial accounts, over 20 fraudulent websites, and nearly 200 computers from so-called “laptop farms.” These farms allowed North Korean operatives to create the appearance of operating from the United States.

North Korean remote IT workers’ evolving tactics to infiltrate organizations. Source: microsoft.com

On June 29, the Justice Department announced that the schemes involved North Korean IT workers posing as U.S. citizens and using stolen identities to get jobs at more than 100 U.S. companies. They funneled millions of dollars to Pyongyang and even gained access to classified military data.

North Korean hackers weaponized remote work, transforming digital globalization into a funding pipeline for the regime. While Western companies embraced remote flexibility, Kim Jong-un’s regime bankrolled its operations through seemingly legitimate employment.
