Federal agents seized $7.74 million in cryptocurrency last week from North Korean information technology (IT) workers who used artificial intelligence (AI) and stolen American identities to infiltrate U.S. companies and fund their regime’s weapons programs.
The sophisticated scheme involved operatives posing as remote employees at blockchain firms and Fortune 500 companies. They deployed AI-generated personas and deepfake technology during job interviews to bypass security checks, according to the Department of Justice (DOJ) complaint filed Thursday in Washington, D.C.
“The FBI’s investigation has revealed a massive campaign by North Korean IT workers to defraud U.S. businesses by obtaining employment using the stolen identities of American citizens,” said Roman Rozhavsky, Assistant Director of the FBI’s Counterintelligence Division.
The workers operated from China, Russia, and Laos while masking their locations through VPNs and U.S.-based “laptop farms.” Once hired, companies paid them in stablecoins like USDC and USDT, believing they were legitimate American contractors.
Federal prosecutors say the stolen funds flowed through two key intermediaries. Sim Hyon Sop, a North Korean Foreign Trade Bank representative, handled money laundering operations alongside Kim Sang Man, CEO of Chinyong IT Cooperation Company. Both men were added to Treasury Department sanctions lists in 2023.
The operatives used sophisticated laundering techniques to hide their tracks. They purchased NFTs as a store of value, switched between different cryptocurrencies, and made numerous small transfers to avoid detection. Some funds were mixed with legitimate transactions to obscure their criminal origins.
“For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems to evade U.S. sanctions and bankroll its weapons programs,” said Sue J. Bai, head of the Justice Department’s National Security Division.
This case represents just a fraction of North Korea’s cyber operations. The United Nations estimates the country makes between $250 million and $600 million each year through similar schemes. The funds directly support Pyongyang’s nuclear and ballistic missile development.
Tech giants are fighting back. OpenAI and Google have shut down accounts used by North Korean IT groups to create fake resumes with AI tools.
The seized cryptocurrency was initially frozen during Sim’s April 2023 indictment. Thursday’s action is part of a larger effort called the “DPRK RevGen: Domestic Enabler Initiative.” This program started in March 2024 to stop North Korea from making money through cybercrime.
“The Department will use every legal tool at its disposal to safeguard the cryptocurrency ecosystem and deny North Korea its ill-gotten gains,” said Matthew R. Galeotti, head of the Justice Department’s Criminal Division.
Security experts warn that North Korean tactics are becoming more sophisticated as the isolated regime increasingly relies on cybercrime for survival. The FBI has issued multiple advisories urging companies to strengthen remote worker verification processes.
The case was investigated by the FBI Chicago Field Office and the FBI’s Virtual Assets Unit, with the civil forfeiture filed in the U.S. District Court for the District of Columbia.