$7.74M seized from N. Koreans involved in Illegal IT Worker Schemes, cryptocurrency theft, and money laundering

The Department of Justice filed a civil forfeiture complaint today in the U.S. District Court for the District of Columbia.

The Forfeiture Action is the Latest Disruption of an Indicted North Korean Official’s Efforts to Generate Revenue for North Korea and its Weapons Program Through Illegal IT Worker Schemes and Cryptocurrency Theft

Overview

• The U.S. government froze and seized over $7.74 million tied to the scheme where North Korean information technology (IT) workers obtained illegal employment and amassed millions in cryptocurrency for the benefit of the North Korean government, all to evade U.S. sanctions placed on North Korea.
• The funds were initially restrained by an April 2023 indictment against Sim Hyon Sop (Sim), a North Korean Foreign Trade Bank (FTB) representative who allegedly conspired with the IT workers while the North Koreans attempted to launder those ill-got gains,
• April 2023 indictment = https://www.justice.gov/usao-dc/pr/north-korean-foreign-trade-bank-rep-charged-role-two-crypto-laundering-conspiracies

According to the complaint,

• The North Korean government uses illegally obtained cryptocurrency to generate revenue for its priorities.
• This illegally obtained cryptocurrency is allegedly generated, partly, through remote work done by North Korean IT workers deployed around the globe, including in the People’s Republic of China and the Russian Federation (Russia).
• Those IT workers have generated revenue for North Korea via their jobs at, among other places, blockchain development companies.
• To obtain employment, these North Korean IT workers allegedly bypassed security and due diligence checks using fraudulent (or fraudulently obtained) identification documents and other obfuscation strategies.
• These tactics hid the North Koreans’ location and identities, causing unwitting employers to hire and pay them a salary, often in stablecoins such as USDC and USDT.

To send their illegally obtained cryptocurrency back to North Korea, the IT workers allegedly transferred the cryptocurrency using money laundering techniques.

These techniques included:

1. Setting up accounts with fictitious identities;
2. Moving funds in a series of small amounts;
3. Moving funds to other blockchains or converting funds to other forms of virtual currency (i.e., “chain hopping” and “token swapping,” respectively); (4) purchasing non-fungible tokens as a store of value and means of hiding illicit funds;
4. Using U.S.-based online accounts to legitimise activity; and
5. Commingling their fraud proceeds to hide the origin of the funds. 

After laundering these funds, the North Korean IT workers allegedly sent them back to the North Korean government, at times via Sim and Kim Sang Man (Kim).

Kim

• Kim is a North Korean national and the chief executive officer of Chinyong, also known as Jinyong IT Cooperation Company.
• Kim allegedly acts as an intermediary between the North Korean IT workers and North Korea’s FTB by sending funds from the North Korean IT workers to Sim.

Chinyong

• Chinyong is subordinate to North Korea’s Ministry of Defence (formerly known as the Ministry of the People’s Armed Forces), which the Treasury Department’s Office of Foreign Assets Control (OFAC) added to its list of Specially Designated Nationals (SDN) on June 1, 2017.
• Chinyong employs delegations of North Korean IT workers who operate in Russia and Laos, among other countries.

Chinyong and Kim

• On April 24, 2023, OFAC added Sim to its SDN list, and on May 23, 2023, OFAC added Chinyong and Kim to its SDN list.

Today’s forfeiture action follows the Department’s announcement of two federal indictments charging Sim with allegedly conspiring.

1. With North Korean IT workers to generate revenue through illegal employment at companies in the United States and abroad; and
2. With over-the-counter cryptocurrency traders to use stolen funds to buy goods for North Korea.

• https://www.justice.gov/archives/opa/pr/north-korean-foreign-trade-bank-representative-charged-crypto-laundering-conspiracies

The forfeiture action also follows successful actions to disrupt North Korean revenue generation taken by the Department in 

• May 2024, https://www.justice.gov/opa/pr/justice-department-announces-arrest-premises-search-and-seizures-multiple-website-domains
• August 2024, https://www.justice.gov/opa/pr/justice-department-disrupts-north-korean-remote-it-worker-fraud-schemes-through-charges-and
• December 2024, https://www.justice.gov/opa/pr/fourteen-north-korean-nationals-indicted-carrying-out-multi-year-fraudulent-information
• January 2025. https://www.justice.gov/opa/pr/two-north-korean-nationals-and-three-facilitators-indicted-multi-year-fraudulent-remote

Those actions, which are part of the Department-wide DPRK RevGen: Domestic Enabler Initiative launched in March 2024 by the National Security Division and the FBI’s Cyber and Counterintelligence Divisions, targeted U.S. persons facilitating remote IT work and their North Korean co-conspirators.

Source

https://www.justice.gov/opa/pr/department-files-civil-forfeiture-complaint-against-over-774m-laundered-behalf-north-korean