US Sentences 8 for Helping North Korea Target Crypto Firms

Zach Anderson May 08, 2026 07:22

8 individuals sentenced for aiding North Korea in crypto-focused schemes, exposing risks of remote work exploitation.

U.S. prosecutors have sentenced eight individuals over the past five months for aiding North Korea’s illicit schemes targeting cryptocurrency firms. The Department of Justice (DOJ) revealed that the so-called "laptop farmers" helped North Korean IT operatives infiltrate U.S. companies, underscoring the increasing sophistication of the regime’s tactics to evade sanctions and fund its weapons programs.

Two recent cases highlight the operation’s scale. Matthew Issac Knoot of Nashville and Erick Ntekereze Prince of New York were both sentenced this week to 18 months in prison. These individuals served as intermediaries, receiving corporate laptops from U.S. companies and installing remote desktop software that allowed North Korean operatives to control the devices while posing as domestic employees. Prosecutors said the scheme generated $1.2 million in revenue for the North Korean government and impacted nearly 70 U.S. firms, including those in the crypto sector.

North Korea has aggressively targeted cryptocurrency companies through these schemes, seeking to either steal assets or gain insights into infrastructure vulnerabilities. The operatives often use stolen or fabricated identities, leveraging AI to enhance job applications and conduct remote interviews. According to a recent CrowdStrike report, the number of companies hiring North Korean operatives surged 220% in the last year, with over 320 firms unknowingly employing them.

The DOJ’s actions are part of broader efforts to counter North Korea’s growing reliance on cybercrime as a revenue source. In 2022 alone, North Korean actors allegedly stole between $630 million and $1 billion in cryptocurrency, according to United Nations estimates. Groups like the Lazarus Group have been implicated in high-profile heists, fueling concerns about the regime’s ability to fund its weapons programs through these illicit activities.

Earlier reports also revealed that North Korea uses social engineering tactics to infiltrate companies. For example, operatives request company-provided laptops be sent to intermediaries, who then configure them for remote access before passing them along. These methods are supported by Department 53, a North Korean entity specializing in cyber operations.

In addition to prison sentences, financial penalties have been imposed. Prince was ordered to forfeit $89,000, the amount he earned from the scheme, while Knoot must pay $15,100 in restitution and an equal amount in forfeitures. Last month, New Jersey residents Kejia Wang and Zhenxing Wang received longer sentences of nine years and nearly eight years, respectively, for similar activities. Their operation reportedly generated over $5 million for North Korea and involved the stolen identities of 80 U.S. citizens.

For cryptocurrency firms, this serves as a stark warning. Remote work, while convenient, has become a key vulnerability that North Korea is adept at exploiting. Enhanced due diligence, robust identity verification, and monitoring of remote access tools are critical defense measures. The DOJ’s crackdown signals that governments are stepping up enforcement, but the onus remains on companies to scrutinize their hiring processes and protect their infrastructure.

North Korea’s reliance on cybercrime and sanctions evasion shows no signs of slowing. As the crypto industry continues to expand, so too will the risks associated with these schemes. Vigilance, combined with coordinated international action, will be essential to mitigating the threat.

• north korea
• crypto security
• doj
• sanctions evasion