US sanctions network aiding North Korean IT workers in targeting crypto companies

2025/07/09 14:40

Continuing its crackdown on North Korea’s efforts to infiltrate U.S. companies, the Treasury Department has sanctioned two individuals and four entities for aiding malicious IT workers in infiltrating crypto firms.

A North Korean national, Song Kum Hyok, and a Russian national, Gayk Asatryan, have been sanctioned by the Treasury’s Office of Foreign Assets Control for their roles in supporting North Korean IT worker operations targeting the crypto sector.

According to OFAC, Song Kum Hyok has ties to North Korea’s Reconnaissance General Bureau (RGB) and its subordinate hacking unit Andariel. He has been accused of creating fake identities using stolen U.S. citizen information to help foreign-based DPRK IT workers secure remote jobs, primarily in crypto-related firms.

These workers would then split earnings with Song, generating revenue for North Korea’s sanctioned weapons programs.

Meanwhile, Asatryan is accused of using his Russia-based firms, Asatryan LLC and Fortuna LLC, to employ dozens of DPRK IT workers under contracts with North Korean state trading companies. 

These entities, namely, Korea Songkwang Trading Corporation and Korea Saenal Trading Corporation, have also been sanctioned for their role in dispatching workers abroad to fund the regime.

OFAC said these actions were a part of a strategic initiative to thwart North Korea’s efforts to deploy thousands of skilled IT workers, mainly based in China and Russia, who use falsified documents and fake profiles to gain employment in crypto and tech firms.

Once embedded, these malicious actors allegedly use freelance platforms and crypto exchanges to receive and launder funds back to the regime. 

“These workers are instructed to deliberately obfuscate their identities, locations, and nationalities, typically using false personas, proxy accounts, stolen identities, and falsified or forged documentation,” the Treasury said, adding that they often exploit freelance platforms and crypto exchanges to launder earnings back to North Korea.

Investigators have warned that North Korea’s cyber infiltration strategy has evolved significantly in recent years. While early efforts focused on direct hacks by groups like Lazarus, the regime now increasingly relies on deception-based methods to quietly embed operatives in legitimate firms.

Crypto investigator ZachXBT estimates that as many as 920 North Korean IT workers may have infiltrated roles in the digital asset sector, generating over $16 million in payroll from unsuspecting employers.

Recognising the scale of the threat, U.S. authorities are now striking at the infrastructure sustaining North Korea’s IT infiltration schemes. The Department of Justice has led recent efforts, bringing criminal charges against DPRK-linked operatives, pursuing asset forfeiture cases targeting millions in laundered crypto.

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

You May Also Like

Crypto Scammer’s Sentence Jumps from 18 Months to 12 Years in $20M Fraud Case

Crypto Scammer’s Sentence Jumps from 18 Months to 12 Years in $20M Fraud Case

A man convicted in a $22 million crypto fraud scheme saw his prison sentence sharply increased after failing to repay the money he owed his victim. Nicholas Truglia, 27, who was initially sentenced to 18 months, received a new 12-year sentence on Thursday in a New York federal court. U.S. District Judge Alvin Hellerstein ordered the increase after ruling that Truglia had willfully ignored his obligation to pay back nearly $20.4 million in restitution. “You paid not a cent, not one cent,” Judge Hellerstein told Truglia during the hearing. The judge further ordered an added 3-month supervised release while noting Truglia’s lifestyle. “You didn’t have a job, but you lived in splendor,” Judge Hellerstein said. Judge Slams Crypto Fraudster’s Lavish Lifestyle in SIM-Swap Sentencing According to the report from Bloomberg, Truglia’s legal team argued the new sentence was unlawful. His attorney, Mark Gombiner, said in court that the punishment was “an extraordinary abuse of discretion” and confirmed plans to appeal. #breaking for real: Hacker Truglia sentenced to 12 years, more than double the guideline of 51 to 63 months, for not paying his $20 million restitution. Video of him speaking behind a mask cited and used. Appeal to follow – but remand to Marshals about to occur https://t.co/tWBdzgd4zT — Inner City Press (@innercitypress) July 10, 2025 Arrested in the California Bay Area in 2018, Truglia pleaded guilty in 2021 to participating in a scheme that involved hijacking a victim’s phone number through SIM swapping and draining their crypto accounts. The hackers exploited a telecom employee to gain control of Michael Terpin’s phone number. Terpin, a blockchain investor and CEO of Transform Group, suffered a loss of $24 million due to this scheme. Notably, Truglia was tasked with converting stolen cryptocurrency into Bitcoin. In 2019, Terpin filed a civil lawsuit for $75 million against the scammer and was awarded the full amount in damages by the court. That same year, he also took legal action against AT&T, his wireless carrier at the time, filing a $224 million lawsuit for their negligence. Their failure to secure his cell phone allowed the hackers to compromise it, resulting in his loss. At the time of his initial sentencing, prosecutors revealed that Truglia held more than $50 million in assets, including cryptocurrency, luxury goods, and fine art. Gombiner told the court that his client had turned over all assets he could access, including funds from a Wells Fargo account. Truglia claimed that much of his wealth remained locked in an inaccessible Bitcoin wallet. He told the judge he would repay the victim if he could access the funds. Terpin, who joined the hearing by phone, rejected that explanation, calling it “a giant smoke screen.” U.S. Ramps Up Enforcement as Crypto Crimes Lead to Decades-Long Sentences In the U.S., crypto crimes continue to result in severe penalties. On May 23, Trung Nguyen, a Massachusetts man who ran an unlicensed cash-to-Bitcoin business, was sentenced to six years in federal prison . His company, disguised as a vending machine operator, processed over $1 million in illicit cash, including funds for a known methamphetamine dealer. Nguyen, who used the alias “DCS420,” was convicted in 2024 for money laundering and failing to register with FinCEN. Just two weeks earlier, on May 9, Mohammed Azharuddin Chhipa received a 30-year sentence for sending crypto to ISIS operatives . U.S. prosecutors revealed that between 2019 and 2022, Chhipa funneled more than $185,000 to the terrorist group, funding fighters and prison escapes. 👨‍⚖️ A federal judge sentenced Chhipa to over 30 years for funding ISIS through cryptocurrency, supporting fighter salaries, and prison breaks. #DOJ #CryptoCrime https://t.co/74BdhgaEjh — Cryptonews.com (@cryptonews) May 9, 2025 His use of burner phones and fake identities ultimately failed to hide his tracks. He was caught attempting to flee and intercepted on an Interpol notice. Meanwhile, the U.S. Department of Justice is pushing for a 20-year sentence for Alex Mashinsky, the former CEO of Celsius. Prosecutors say Mashinsky’s fraudulent practices cost investors $550 million, describing his actions as deliberate and self-serving. ⚖️ Celsius founder Alex Mashinsky was sentenced to 12 years in prison for defrauding investors with false promises of high crypto returns. #Celsius #AlexMashinsky https://t.co/R4syyDiKaU — Cryptonews.com (@cryptonews) May 9, 2025 He pled guilty in late 2024 after Celsius collapsed in mid-2022, freezing $4.7 billion in customer funds. These back-to-back cases underscore mounting pressure from courts and regulators to address crypto misuse, whether through scams, market abuse, money laundering, or terrorism financing.
Share
CryptoNews2025/07/11 11:28