The U.S. Department of Justice has charged four North Korean nationals with wire fraud and money laundering tied to nearly $1 million in stolen cryptocurrency from blockchain companies in the U.S. and Serbia. Fake Devs, Real Theft The suspects, Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il, allegedly posed as remote blockchain developers using stolen or fake identities to conceal their North Korean citizenship. Starting from operations in the UAE in 2019, they later secured jobs at a blockchain startup in Atlanta and a token platform in Serbia between late 2020 and mid-2021. U.S. prosecutors say Kim and Jong submitted fabricated documents to land their roles, a tactic DOJ officials describe as a rising threat to companies hiring remote IT staff. $915K in Crypto Funneled to Pyongyang Once inside, the operatives didn’t waste time. In early 2022, Jong siphoned off $175,000 worth of crypto. A month later, Kim exploited vulnerabilities in smart contracts to steal another $740,000. The stolen funds were laundered through crypto mixers and funneled to wallet addresses controlled by Kang and Chang, who allegedly registered exchange accounts using fake Malaysian IDs. The DOJ claims the scheme was part of North Korea’s broader strategy to fund illicit programs, including nuclear weapons development, by targeting vulnerable crypto infrastructure. “These schemes target U.S. businesses, evade sanctions, and funnel money directly into the regime’s weapons programs,” said John A. Eisenberg, Assistant Attorney General for National Security. DOJ’s New Crackdown on DPRK Cyber Ops The charges are part of the DOJ’s broader DPRK RevGen: Domestic Enabler Initiative, launched in 2024 to cut off North Korea’s access to U.S.-based revenue streams. The case also ties into wider efforts. Federal agents recently seized nearly 30 financial accounts, 200 laptops, and over 20 fake websites across 16 states, part of a sweep on “laptop farms” used by North Korean operatives posing as U.S. freelancers. Today, the FBI and @TheJusticeDept announced nationwide actions to disrupt North Korean schemes to defraud American companies through remote IT work, which included the arrest of a U.S. national who allegedly hosted a laptop farm for North Korean actors https://t.co/3IC28oaMFa pic.twitter.com/rsx0EPO0nu — FBI (@FBI) June 30, 2025 A separate civil complaint last month detailed how North Korean IT contractors, posing as remote developers, funneled $7.74 million in crypto to Pyongyang, all while working for over 100 U.S. companies. The Bigger Picture North Korea’s use of fake developer identities to infiltrate crypto startups shows how the regime blends social engineering, remote work loopholes, and blockchain vulnerabilities to raise capital under global sanctions. It’s also a wake-up call for blockchain firms hiring global talent. What looks like a remote dev may be part of a state-sponsored scheme to extract digital wealth, bypass sanctions, and fund hostile operations.
