North Korean Hackers Stole Over $3 Billion in Crypto, U.S. Sanctions Bankers and IT Firms

Bitcoin Magazine

North Korean Hackers Stole Over $3 Billion in Crypto, U.S. Sanctions Bankers and IT Firms

The U.S. Treasury Department on Tuesday sanctioned eight individuals and two entities connected to North Korea’s cybercrime operations. The move targets the flow of crypto stolen by DPRK hackers and laundered through overseas networks.

Over the past three years, North Korea-affiliated cybercriminals have stolen more than $3 billion, mostly in crypto, according to the Treasury Department. They used advanced malware, social engineering, and ransomware to hit banks, exchanges, and other digital platforms.

The U.S. Treasury said the funds help Pyongyang finance its nuclear weapons and missile programs.

“North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” said John K. Hurley, Treasury Under Secretary for Terrorism and Financial Intelligence.

The sanctions hit bankers Jang Kuk Chol and Ho Jong Son. They helped manage over $5.3 million in cryptocurrency linked to ransomware attacks and revenue from DPRK IT workers abroad.

Korea Mangyongdae Computer Technology Corp., an IT firm, was also sanctioned. The company runs IT worker delegations in China and uses local proxies to hide the source of funds. Its president, U Yong Su, was designated as well, per the Treasury’s release.

Ryujong Credit Bank, based in Pyongyang, was sanctioned for helping launder money between North Korea and China. Five DPRK banking representatives in China and Russia were also targeted for moving millions in dollars, yuan, and euros through global financial networks.

Last year, The FBI issued a warning that North Korean hackers are targeting U.S. cryptocurrency exchange-traded funds (ETFs) to steal digital assets.

The attacks use advanced social engineering, including detailed research on employees in crypto and DeFi sectors, personalized scams, fake job offers, and malware deployment.

North Korean exploits

According to the Treasury’s release, North Korea also exploits IT workers overseas. They hide their nationality using false identities and contracts. Some collaborate with non-North Korean freelancers, diverting project revenue back to Pyongyang.

Treasury said the sanctions block all property and interests of the designated individuals and entities under U.S. jurisdiction. U.S. persons are prohibited from doing business with them. Financial institutions that violate the rules could face enforcement actions.

Experts say North Korea’s crypto operations are highly sophisticated. The country mixes cybercrime, sanctions evasion, and overseas IT labor to fund its weapons programs.

Tuesday’s action underscores the growing role of cryptocurrency in North Korea’s illicit finance. The U.S. aims to cut off Pyongyang’s access to digital assets while warning the global financial system against helping these networks.

This post North Korean Hackers Stole Over $3 Billion in Crypto, U.S. Sanctions Bankers and IT Firms first appeared on Bitcoin Magazine and is written by Micah Zimmerman.