North Koreans posed as US citizens to steal crypto and data from American firms, DOJ says

The U.S. Department of Justice has busted several schemes where North Korean suspects posed as U.S. citizens to fraudulently gain employment at American companies, stealing cryptocurrency and sensitive data for the benefit of the North Korean regime.

In a statement released Monday, the DOJ said authorities have taken action against North Korean schemes, including filing two indictments, making an arrest, and seizing 29 financial accounts used to launder illicit funds.

"These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime's illicit programs, including its weapons programs," said John A. Eisenberg, assistant attorney general of the DOJ's national security division.

Specifically, one indictment alleged that between 2021 and October 2024, the defendants used stolen identities from over 80 Americans to fraudulently secure remote positions at more than 100 U.S. companies, including multiple Fortune 500 firms. The scheme resulted in at least $3 million in damages, including legal fees, cybersecurity repairs, and other expenses.

Also, federal prosecutors in Georgia have charged four North Korean nationals with stealing over $900,000 in cryptocurrency from two companies and laundering the funds through sophisticated channels. 

Court documents revealed that the group used Tornado Cash, a cryptocurrency mixing service, to obscure the stolen funds before transferring them to exchange accounts opened with fake Malaysian identity documents. The suspects remain fugitives wanted by the FBI.

"North Korea remains intent on funding its weapons programs by defrauding U.S. companies and exploiting American victims of identity theft, but the FBI is equally intent on disrupting this massive campaign and bringing its perpetrators to justice," said Roman Rozhavsky, assistant director of the FBI Counterintelligence Division.