The United States has recently uncovered one of North Korea’s most sophisticated schemes to generate illicit revenue. This operation reveals how the regime combined cryptocurrency theft, fake identities, and covert IT infiltrations within U.S. companies.
How North Korea Stole $15 Million Using Crypto
The U.S. Department of Justice (DOJ) has successfully seized $15.1 million in Tether (USDT) stolen by North Korean hackers. The funds, traced to APT38, a group behind some of the largest cryptocurrency heists in recent history, were recovered after years of cyber sleuthing. Key incidents tied to this seizure include:
- The $100M Poloniex hack (November 2023)
- The $37M CoinsPaid breach (July 2023)
- The Alphapo theft, estimated at $60M–$100M
- An unidentified $138M theft from a Panama-based exchange
After the thefts, the funds were laundered through a complex chain of mixers, bridges, and over-the-counter (OTC) exchanges, making them difficult to trace. Despite this, the FBI’s efforts led to restitution of the crypto assets in 2025.
Infiltrating U.S. Companies: A Devious Strategy
While hacking was one half of the equation, the other half involved planting North Korean operatives as fake remote IT workers in American companies. Here’s how it worked:
- U.S. citizens sold their identities to North Korean operatives.
- Physical devices like laptops were hosted in the homes of these individuals, giving the illusion that IT workers operated from the U.S.
- North Korean workers accessed sensitive company platforms, earning significant incomes that were funneled directly to their regime.
The DOJ revealed this scheme compromised 136 U.S. companies and exploited unsuspecting citizens. Individuals who assisted in these operations, including four U.S. citizens and one Ukrainian national, have pleaded guilty.
North Korea’s Motivation
Why does North Korea target cryptocurrency? The answer is simple: sanctions. The nation’s economy faces crippling restrictions, making alternative income sources critical. North Korea has innovated to overcome these barriers by:
- Executing advanced crypto heists globally
- Planting IT workers in foreign companies
Government reports highlight that North Korean IT workers can earn up to $300,000 annually, with these earnings directly supporting military and defense programs. The covert nature of this operation makes it hard for companies to detect, especially when seemingly legitimate workers are onboarded remotely.
A Growing Threat: Crypto Theft at Record Levels
The scale of North Korea’s operations is staggering, with estimates suggesting over $2 billion in cryptocurrency stolen by 2025. These activities have positioned the nation as one of the most efficient and dangerous cybercrime operators globally.
If you want to protect your digital assets, using a top-tier hardware wallet is critical. Consider the Ledger Nano X, a trusted solution for securing cryptocurrency investments. With features like offline storage and advanced security layers, it’s essential for anyone engaging in crypto transactions.
Conclusion: The U.S. Tightens the Net
The DOJ’s actions mark a crucial step in combating North Korea’s cybercrime efforts. However, the scale of the threat continues to grow, which puts pressure on companies and individuals to adopt stronger security measures. Stay vigilant, as the cryptocurrency landscape evolves in complexity and risk.