U.S. Seizes $7.74M in Crypto Linked to North Korea's Global Fake IT Worker Scheme

TL;DR

The U.S. Department of Justice (DoJ) has seized $7.74 million in cryptocurrency, NFTs, and digital assets tied to a North Korean IT worker scheme. This operation exploited global remote IT contracting and cryptocurrency ecosystems to evade U.S. sanctions and fund North Korea’s weapons programs. The scheme involved identity theft, AI-enhanced interviews, and laptop farms to infiltrate Western companies.

U.S. Seizes $7.74M in Crypto Linked to North Korea’s Global Fake IT Worker Scheme

The U.S. Department of Justice (DoJ) has filed a civil forfeiture complaint in federal court targeting over $7.74 million in cryptocurrency, non-fungible tokens (NFTs), and other digital assets. These assets are allegedly linked to a sophisticated global IT worker scheme orchestrated by North Korea. This operation has been exploiting global remote IT contracting and cryptocurrency ecosystems to evade U.S. sanctions and fund North Korea’s weapons programs.

North Korea’s IT Scheme Overview

• Identity Theft: Operatives create fake profiles using stolen personal information from real Americans ¹.
• Job Applications: Using platforms like LinkedIn and Upwork, operatives apply for high-paying, fully remote IT positions ¹.
• AI-Enhanced Interviews: Deepfake technology is used to pass video interviews and coding assessments while impersonating stolen identities ¹.
• Laptop Farms: Company laptops are sent to addresses controlled by US-based facilitators, who maintain “laptop farms” for remote control ¹.

Recruitment and Training

North Korean intelligence services recruit top graduates from prestigious institutions. These operatives are trained in hacking techniques, foreign languages, and are promised higher wages and internet access as incentives ¹.

Notable Cases

• Christina Chapman Case: In 2025, Christina Chapman pleaded guilty to operating a laptop farm that facilitated North Korean operatives, involving over 300 American companies and generating more than $17 million ¹.
• KnowBe4 Incident: In July 2024, KnowBe4 discovered that a new hire was a North Korean operative who had passed background checks and ID verification ¹.

Impact and Future Implications

The scheme has significantly impacted numerous companies, with nearly every Fortune 500 company chief information security officer admitting to hiring at least one North Korean IT worker. The funds generated from these operations are funneled directly to North Korea’s government and weapons programs ¹.

For further insights, check: U.S. Seizes $7.74M in Crypto Tied to North Korea’s Global Fake IT Worker Network

References

1. (2025). “North Korean remote worker infiltration scheme”. Wikipedia. Retrieved 2025-06-16. ↩︎ ↩︎² ↩︎³ ↩︎⁴ ↩︎⁵ ↩︎⁶ ↩︎⁷ ↩︎⁸