DoJ Identifies, Charges Four North Korean Crypto Hackers Who Stole $1 Million Via Remote Work Hack


Key Insights:

  • Four North Korean hackers were charged by the US DoJ for stealing nearly $1 million in crypto from US and Serbian blockchain companies.
  • The hackers posed as remote IT workers, using stolen identities to break into companies.
  • The stolen funds (worth nearly $1 million) were laundered using crypto mixers like Tornado Cash and funneled back to Pyongyang.

 

The US Department of Justice has charged four North Korean nationals in connection with the theft of nearly $1 million in crypto from blockchain startups in the US and Serbia.

However, this isn’t just another story of stolen crypto. It is a look into the rising issue of state-sponsored crypto crime. Here’s a breakdown of what happened and the steps taken by the US DoJ.

Posing as Remote IT Workers

The accused individuals, Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju and Chang Nam Il, reportedly posed as remote developers using stolen identities. They then used these identities to secure jobs at blockchain companies and got to work stealing funds.

The four reportedly operated out of the United Arab Emirates in 2019 before breaking into an Atlanta-based blockchain startup and a Serbian virtual token company between late 2020 and mid-2021.

According to prosecutors, Kim and Jong used forged documents and stolen IDs to appear as real job applicants.

Once inside, these hackers gained access to sensitive systems and digital assets. They were then able to steal large amounts of crypto undetected.

How the Crypto Was Stolen

The entire operation hit a breaking point in early 2022. This is when Jong, under the alias “Bryan Cho,” allegedly stole approximately 60 Ether (worth around $175,000 at the time).

During his time as an employee, Jong was able to win employer trust and even recommended another North Korean co-conspirator, Chang, for a position under the name “Peter Xiao.” 

Meanwhile, Kim, working for another firm, was manipulating the source code of smart contracts on Ethereum and Polygon to divert funds. 

In March of 2022, Kim reportedly stole over $740,000 worth of crypto by changing when funds could be withdrawn from company-controlled pools. When combined, the operations of Jong, Kim, Chang and Kang saw around $1 million in crypto stolen and funneled back to Pyongyang.

Money Laundering with Crypto Mixers

After the thefts, these individuals got to work laundering the stolen funds, allegedly using the crypto mixer Tornado Cash. Mixers have become notorious for helping hackers hide the origin of stolen funds.

Kang and Chang used aliases like “Wong Shao Onn” and “Bong Chee Shen” to open accounts at virtual exchanges with doctored Malaysian IDs. The stolen assets were then sent through Tornado Cash and withdrawn into new wallets.

According to the DoJ, the four had help from a network of American accomplices. One of the biggest of these was Zhenxing “Danny” Wang, a New Jersey man who is accused of helping set up a fake software development firm called Independent Lab.

Wang ran a “laptop farm” out of his home, where companies unknowingly sent laptops for newly hired remote workers. These machines were then remotely accessed from abroad, which made the crypto hackers appear to be working within the US.

In the FBI’s nationwide raids across 16 states, more than 29 financial accounts, 20 scam websites and 200 computers from such farms were seized.

Infiltrating Over 100 U.S. Companies

The Justice Department’s investigation showed that the scam wasn’t an isolated event.

Other North Korean operatives using similar methods allegedly infiltrated more than 100 American companies. Some of these were Fortune 500 firms in sensitive industries like defense contracting.

At least four major companies suffered losses of over $100,000 each, with one instance of hackers accessing sensitive military data. In total, the rash of hacks reportedly generated more than $5 million in illegally obtained funds.

Overall, as U.S. authorities continue their investigations, the case serves as a major wake-up call for the crypto and tech industries. 

Cybercrime is no longer just the domain of anonymous hackers. It has become a well-funded enterprise and everyone, from startup founders to Fortune 500 CEOs, needs to be paying attention.




