The U.S. Department of Justice (DOJ) has filed charges in the state of Georgia against four North Korean nationals in connection with the theft of nearly $1 million worth of cryptocurrency from blockchain startups based in the United States and Serbia. The group allegedly posed as remote IT workers, using false identities to conceal their nationality and carry out financial fraud schemes.
The defendants — Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il — are accused of securing remote employment at a blockchain company headquartered in Atlanta and a virtual token firm in Serbia between late 2020 and mid-2021. Prior to that, the group is believed to have operated out of the United Arab Emirates since 2019.
Prosecutors say Kim and Jong submitted forged documents, including stolen and fabricated identification, to gain employment. Once inside the systems, the individuals exploited privileged access to steal digital assets. In February 2022, Jong allegedly withdrew approximately $175,000 in cryptocurrency, while Kim exploited a smart contract’s source code to steal an additional $740,000. The stolen funds were subsequently laundered through cryptocurrency mixers and transferred to wallets controlled by Kang and Chang, using forged Malaysian IDs.
Authorities emphasized that the stolen funds were intended to support North Korea’s illicit programs, including its weapons development initiatives. John A. Eisenberg, Assistant Attorney General for National Security, stated: “These schemes target and steal from U.S. companies, and are designed to evade sanctions and fund North Korea’s prohibited activities.”
The case is part of the DPRK RevGen: Domestic Enabler initiative launched by the DOJ in 2024, which targets North Korea’s illicit revenue streams and their enablers operating within the United States.
In a related enforcement effort, federal agents conducted coordinated raids across 16 U.S. states, seizing nearly 30 financial accounts, over 20 fraudulent websites, and approximately 200 computing devices from so-called “laptop farms” — operations that allowed North Korean agents to impersonate U.S. citizens and remotely access corporate systems.
The DOJ further revealed that numerous North Korean IT workers had used stolen identities to obtain jobs at more than 100 American companies, funneling millions of dollars back to Pyongyang and, in some cases, gaining access to sensitive military data. Just last month, the Department filed a civil forfeiture complaint to seize $7.74 million in cryptocurrency allegedly earned through these fraudulent remote contracts.
This case underscores the growing threat of transnational cyber fraud, particularly in the technology and digital asset sectors, and serves as a warning for companies to strengthen their due diligence when hiring remote personnel.