- The US Treasury sanctioned two people and four entities for running a North Korean IT worker scheme that infiltrated crypto companies.
- North Korea uses thousands of skilled IT workers worldwide to steal money and fund its missile programs.
- The country is shifting from direct hacking to using fake identities and deceptive employment tactics.
On Tuesday, the US Treasury Department imposed sanctions on two individuals and four entities for operating a North Korea-linked IT worker scheme that infiltrated cryptocurrency companies. The sanctions target a sophisticated operation designed to steal American identities and exploit US businesses.
The Treasury’s Office of Foreign Assets Control sanctioned Song Kum Hyok, a North Korea-based individual accused of stealing US citizens’ personal information. Officials allege Song provided these stolen identities to foreign IT workers who used them to secure employment at American companies.
Russian national Gayk Asatryan also faced sanctions for allegedly employing dozens of North Korean IT workers through his companies. Asatryan reportedly signed long-term agreements with North Korean trading firms beginning in 2024 to facilitate these arrangements.
Massive IT Workforce Funds Missile Programs
North Korea operates thousands of skilled IT workers worldwide to generate revenue for its ballistic missile programs. According to Treasury officials, most of these workers operate from China and Russia. The workforce primarily targets employers in wealthier nations using mainstream networking platforms and industry-specific sites.
The sanctions freeze all US assets connected to the sanctioned individuals and entities. Americans now face civil and criminal penalties for conducting financial transactions or business dealings with them.
Treasury Deputy Secretary Michael Faulkender emphasized the government’s commitment to disrupting North Korea’s sanctions evasion efforts. He cited digital asset theft, identity impersonation, and malicious cyberattacks as key tactics employed by the Kim regime.
Shift From Hacking to Deception Tactics
North Korea has gained notoriety for high-profile cryptocurrency hacks through groups like Lazarus. The country executed some of the largest crypto thefts in history, including a $1.5 billion Bybit exploit in February.
However, blockchain intelligence firm TRM Labs reported a tactical shift on Tuesday. The firm observed that North Korea-aligned operations increasingly focused on deception-based revenue generation rather than traditional exchange breaches.
TRM Labs estimates North Korean actors stole $1.6 billion of the $2.1 billion taken across 75 crypto hacks and exploits in the first half of 2025. This represents a significant portion of total cryptocurrency theft during this period.
US authorities have intensified efforts to combat North Korean IT worker schemes throughout 2025. On June 30, prosecutors charged four North Korean nationals with wire fraud and money laundering after they posed as remote workers at US and Serbian blockchain companies.
Disclaimer
The content shared on KryptoVaultDaily is for informational purposes only and does not constitute financial or trading advice. We do not offer guarantees and assume no responsibility for investment decisions based on the material provided. Always research and seek guidance from a licensed financial advisor before trading cryptocurrency or investing.
