01.07.2025 17:06

The U.S. Department of Justice indicted four North Korean citizens on charges of orchestrating a cryptocurrency heist totaling nearly $900,000. This sophisticated operation targeted American and international blockchain firms, highlighting the growing threat of state-sponsored cybercrime.

Acting under false pretenses, the defendants – Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il – infiltrated their victims. They secured positions at a blockchain research and development company in Atlanta and a Serbian virtual token company, employing fabricated identities and stolen personal data to gain access.

Once inside, Kim and Jong exploited their privileged access to the virtual asset systems. Jong initiated the theft in February 2022, pilfering approximately $175,000. A month later, Kim escalated the operation, altering the source code of their employer's smart contract to siphon off an additional $740,000.

The stolen cryptocurrency subsequently underwent a complex laundering process. Utilizing cryptocurrency mixers and accounts opened with counterfeit Malaysian identities, allegedly controlled by Kang and Chang, the illicit funds were obscured and dispersed.

This brazen scheme underscores a broader, troubling trend. U.S. officials and crypto security experts alike have voiced escalating concerns about North Korean hackers exploiting the crypto job market. These actors, increasingly utilizing fabricated resumes and deceptive tactics, infiltrate companies to gain access and pilfer funds, circumventing international sanctions and enriching the North Korean regime. The incident builds on a long history of DPRK-linked malicious actors targeting the cryptocurrency industry, participating in some of the largest and most damaging thefts in the industry's history. Recent reports, such as one from Google's Threat Intelligence Group, further reinforce this alarming pattern of infiltration across numerous countries.