The United States Treasury sanctioned six individuals and two companies linked to a global crypto fraud network tied to North Korea. Officials say the operation channeled roughly $800 million into the country’s weapons programs during 2024. The network placed North Korean nationals inside Western companies as remote IT workers. Authorities say those workers sent their salaries back to the regime through cryptocurrency channels.
On March 12, the U.S. Treasury Department announced sanctions targeting individuals and companies linked to a large crypto fraud scheme. The Treasury’s Office of Foreign Assets Control identified six individuals and two entities. Officials said the operation funded North Korea’s weapons programs. The network allegedly sent around $800 million to the regime during 2024.
The scheme relied on remote IT workers placed inside foreign companies. According to reports cited by Korea Times, the workers used fake identities, forged documents, and stolen credentials. Authorities traced the operation across several countries. The network operated through North Korea, Vietnam, Laos, and Spain.
The street reported that two companies now face sanctions. Amnokgang Technology Development Company managed overseas deployments of IT workers and helped procure military technology. Another firm, Quangvietdnbg International Services Company Limited, operated from Vietnam. Investigators say the company converted worker salaries into cryptocurrency before funds returned to North Korea.
Foreign financial institutions that process transactions for sanctioned parties now risk secondary sanctions.
Treasury officials also designated six individuals tied to the network’s financial activity. Nguyen Quang Viet, the CEO of Quangvietdnbg, allegedly converted about $2.5 million into cryptocurrency. Authorities say those transfers occurred between mid-2023 and mid-2025. Investigators claim the funds supported the North Korean regime.
Yun Song Guk managed IT worker groups from Boten, Laos. Officials say he has operated the network since at least 2023. Hoang Van Nguyen helped a previously sanctioned official, Kim Se Un, open bank accounts and move funds. Hoang Minh Quang handled transactions linked to Yun’s network.
Records show Quang processed more than $70,000 tied to those operations. Meanwhile, investigators say some embedded workers also planted malware.Officials report that certain workers stole company data or demanded ransom payments. These tactics expanded the scheme beyond salary collection. Workers inside companies can earn up to $200,000 each year. Authorities say those earnings often flow directly to Pyongyang.
Investigators say North Korea increasingly uses artificial intelligence during hiring processes. AI tools alter worker faces, voices, and accents during video interviews. Those changes help match stolen identities and avoid detection. As a result, the infiltration process has become harder to identify.
According to blockchain analytics firm Chainalysis, North Korean hackers stole more than $2 billion in cryptocurrency during 2025. The total includes a $1.5 billion hack of the crypto exchange Bybit. That breach alone accounted for roughly half of global hacking losses that year. Overall, hackers stole about $2.87 billion across 150 incidents in 2025. Meanwhile, global illicit cryptocurrency flows reached between $154 billion and $158 billion.
That figure marks a 145 percent increase from 2024. Sanctions evasion activity also surged by 694 percent. Investigators traced much of that growth to Russia-linked transactions through the ruble-backed A7A5 stablecoin. The token processed more than $93 billion within one year.
Stablecoins now account for 84 percent of illicit crypto transactions. Criminal groups favor them for liquidity and easy cross-border transfers. North Korea’s crypto theft total reached about $2.02 billion in 2025. That figure represents a 51 percent increase from the previous year.
Read More: New North Korean Malware ‘OtterCookie’ Targets Ethereum and Binance Smart Chain Users
Authorities documented related operations in more than 40 countries. Estimates show about 1,500 North Korean IT workers operate from China. Another 500 workers remain active in Russia, Laos, Cambodia, and several African nations. Could global companies detect these hidden networks before funds reach illicit programs? Meanwhile, criminal structures behind crypto scams have evolved. Investigators say operations now function like businesses with developers, data brokers, and laundering networks.
AI-enabled scams using deepfakes and voice cloning proved 4.5 times more profitable than traditional fraud methods. Impersonation scams also surged sharply. Fraud cases where criminals posed as banks or government agencies increased by 1,400 percent during 2025. Chinese-language laundering networks processed more than $100 billion for criminal markets that year.
U.S. Treasury sanctions targeted a global network that placed North Korean IT workers inside foreign companies to fund Pyongyang. Investigators say the scheme routed about $800 million through cryptocurrency channels. Meanwhile, rising North Korea crypto theft and AI-driven scams continue to expand global illicit cryptocurrency flows and cybersecurity risks.