U.S. DOJ Seeks $15M USDT Forfeiture in North Korean Crypto Theft Probe

• U.S. DOJ charges five for aiding DPRK IT workers in infiltrating 136 companies using fake identities.

• Network facilitated $2.2 million transfers back to North Korea through remote work fraud.

• $15 million in USDT frozen from APT38 hacks on crypto exchanges in 2023, per DOJ filings.

Discover how U.S. crackdown on North Korea crypto heists targets identity fraud and APT38 thefts. Learn about DOJ actions seizing $15M and global efforts against DPRK funding. Stay informed on crypto security threats today.

What are North Korea crypto heists and how do they fund the regime?

North Korea crypto heists refer to sophisticated cyber operations by DPRK military hackers, like APT38, targeting cryptocurrency exchanges to steal funds that bypass international sanctions. These heists, combined with remote IT infiltration using stolen identities, have generated hundreds of millions for the regime. In a recent crackdown, the U.S. Department of Justice charged facilitators and sought to forfeit $15 million in stolen USDT.

How do DPRK operatives use remote IT jobs for infiltration?

North Korean IT workers pose as U.S.-based freelancers by using stolen Social Security numbers, fake addresses, and proxy computers to secure remote positions at American companies. According to the DOJ, five individuals—four Americans and one Ukrainian—pleaded guilty to providing falsified identities and hosting laptops, enabling infiltration of 136 firms. This scheme funneled over $2.2 million to the DPRK, with workers earning up to hundreds of thousands annually per operative. Experts from the FBI note these tactics not only fund weapons programs but also pose risks to corporate networks and national security. The operations often involve evading hiring vetting through intermediaries, highlighting vulnerabilities in remote work protocols.

Frequently Asked Questions

What is APT38 and its role in North Korea crypto heists?

APT38 is a North Korean military hacking group linked to major cryptocurrency thefts from exchanges in Estonia, Panama, and Seychelles in 2023. It stole hundreds of millions, laundering funds via mixers and OTC brokers. The DOJ’s forfeiture of $15 million in USDT aims to disrupt these illicit revenue streams supporting DPRK sanctions evasion.

How is the U.S. responding to DPRK-linked crypto fraud?

The U.S. Department of Justice and FBI are intensifying efforts against North Korean crypto theft and identity fraud through arrests, asset seizures, and international partnerships. Recent actions include charging facilitators of remote IT schemes and forming the Scam Center Strike Force to target broader Asian cyber-fraud networks, ensuring a coordinated response to protect economic stability.

Key Takeaways

• U.S. charges reveal depth of DPRK infiltration: Five guilty pleas expose how stolen identities enabled access to 136 companies, transferring $2.2 million to North Korea.
• $15M forfeiture targets APT38: DOJ actions freeze laundered USDT from 2023 hacks, preventing further sanctions evasion via crypto.
• Global crackdown escalates: U.S.-U.K. efforts and new strike forces signal ongoing operations against intermediaries in Asian fraud networks—companies should enhance remote hiring vetting now.

Conclusion

The U.S. actions against North Korea crypto heists and DPRK IT infiltration underscore a robust strategy to dismantle funding mechanisms for sanctioned programs, including APT38’s multimillion-dollar thefts. By charging facilitators and forfeiting assets, authorities are signaling zero tolerance for these threats. As enforcement evolves with international cooperation, staying vigilant on crypto security and remote work protocols will be crucial—monitor developments to safeguard against emerging risks in the digital economy.

U.S. authorities move to disrupt DPRK-linked identity fraud, remote IT infiltration, and multimillion-dollar crypto heists.

Key Highlights

• The U.S. charges five individuals for helping DPRK IT workers infiltrate 136 companies.
• The DOJ moves to forfeit $15M in crypto tied to APT38 hacks.
• The actions widen U.S.-U.K. crackdown on Asian cyber-fraud networks.

The U.S. Department of Justice (DOJ) has announced new actions targeting how North Korea covertly raises money through stolen identities, remote tech work, and large-scale crypto theft. Schemes officials say directly help fund its sanctioned weapons programs.

Five individuals, four Americans and one Ukrainian national, pleaded guilty to helping North Korean IT workers pose as U.S.-based employees. They provided stolen or falsified identities, hosted company-issued laptops, and helped Democratic People’s Republic of Korea (DPRK) operatives bypass hiring checks. 

According to the official announcement, the network infiltrated 136 U.S. companies and sent more than $2.2 million back to the regime.

Justice Department Announces Nationwide Actions to Combat Illicit North Korean Government Revenue Generation pic.twitter.com/J59Tqk7cIc

— FBI (@FBI) November 14, 2025

$15 million tied to APT38 frozen

In a parallel action, the Justice Department filed two forfeiture complaints covering over $15 million in USDT seized from Advanced Persistent Threat 38 (APT38), a North Korean military hacking unit responsible for some of the world’s largest crypto exchange intrusions.

APT38 stole hundreds of millions from platforms in Estonia, Panama, and the Seychelles in 2023, then laundered the funds through mixers, bridges, and OTC brokers. Authorities intercepted part of the laundering flow, froze the assets, and now seek permanent forfeiture.

U.S. agencies have warned for years that North Korean operatives disguise themselves as freelance developers or remote workers to access corporate networks. They use stolen Social Security numbers, fake U.S. addresses, and proxy computers to appear domestic.

Investigators say some DPRK IT workers earn hundreds of thousands annually, generating “hundreds of millions” for the regime. The DOJ warns these infiltrations threaten both national security and economic stability.

Global efforts on crypto-related crimes

The new actions follow a rapid escalation in U.S. enforcement targeting Asian cyber-fraud networks. This week, the government launched the Scam Center Strike Force, a new unit aimed at combating Southeast Asian “pig-butchering” schemes that have drained billions from Americans. Last month, the U.S. and U.K. jointly sanctioned major crime syndicates in Cambodia and Laos tied to crypto laundering.

Together, these efforts reflect a clear shift: U.S. agencies are no longer pursuing only individual hackers but also the infrastructure and intermediaries that enable global crypto-enabled crime.

What comes next

The Justice Department says more arrests, seizures, and cross-border operations are coming. The Federal Bureau of Investigation (FBI) is urging U.S. companies to tighten vetting for remote tech workers and watch for suspicious logins or data access.

Assistant Attorney General John A. Eisenberg said the U.S. will use “every available tool” to disrupt DPRK revenue streams. With North Korea leaning on crypto theft and remote-work fraud to evade sanctions, officials say this is only the beginning.

Also read: Dubai Court Freezes $456M Linked to Justin Sun’s TrueUSD Bailout

Follow The COINOTAG on Google News to Stay Updated!