- Four North Korean agents used fake identities to land remote IT jobs at a U.S. crypto startup and stole nearly $900,000 in two incidents.
- The DOJ seized 29 financial accounts, 21 fraudulent websites, and 200 computers linked to DPRK’s crypto infiltration schemes.
Federal prosecutors in Georgia have charged four North Korean nationals with infiltrating a U.S.-based blockchain startup under fake identities, stealing nearly $1 million in crypto.
The five-count indictment includes wire fraud and money laundering charges stemming from two separate incidents in 2022.
The defendants allegedly posed as remote IT developers, using stolen identities and fake documents to gain employment with an Atlanta-based crypto firm.
Once inside, they stole $175,000 and $740,000 in two transactions. Authorities say the funds were laundered through crypto mixers and exchanges using falsified documentation.
Officials believe this is part of a broader strategy by the Democratic People's Republic of Korea (DPRK) to fund its weapons programs. Described by prosecutors as “North Korean IT workers,” the agents embedded themselves in companies to manipulate security systems and facilitate insider breaches.
“These tactics form a pattern that has increasingly become standard operating procedure,” said Andrew Fierman, head of national security at Chainalysis. The agents not only sent compensation back to North Korea, but also patiently waited for opportunities to siphon off company funds.
Exploiting Web3 Vulnerabilities
Vladimir Sobolev, a threat researcher at Hexens, blamed crypto's remote-first culture and lax vetting processes.
“Many teams avoid in-person meetings and prefer hiring more 'cheap' developers than hiring well-known guys in our sector,” he said, calling it a fundamental issue.
The DOJ’s announcement follows a series of enforcement actions across 16 U.S. states. Authorities seized 29 financial accounts, 21 fraudulent websites, and around 200 computers used in so-called “laptop farms,” remote access points for DPRK agents to control crypto operations from abroad.
Fierman emphasized the importance of recognizing such threats, as North Korea’s cyber schemes continue evolving.
Edited by Annette George