In brief
- The sanctions provide some insight into North Korea’s sophisticated, globe-spanning IT worker operation.
- The operation has raised hundreds of millions of dollars for the pariah state over the last several years.
- The operation has placed spies posing as remote workers within foreign companies and used them to rob the companies of cryptocurrency.
The U.S. Treasury Department announced sanctions Wednesday against a web of North Korean, Russian, and Chinese individuals and companies for their alleged role in stealing cryptocurrency from American businesses by posing as IT workers.
The sanctions provide some insight into North Korea’s sophisticated, globe-spanning IT worker operation, which has raised hundreds of millions of dollars for the pariah state over the last several years. The operation has placed spies posing as remote workers within foreign companies and used them to eventually rob the companies of cryptocurrency from the inside.
Similar schemes have also involved gaining access to such companies by tricking real employees with online scams.
Today’s sanctions targeted one such operation, which allegedly involved a Russian national, Vitaliy Andreyev; a Russia-based North Korean official, Kim Ung Sun; a North Korean company consisting of a delegation of North Korean IT workers; and a Chinese front company for that team.
The Russian national, Andreyev, allegedly aided the North Koreans in converting cryptocurrency stolen via IT worker schemes into U.S. dollars. The Treasury Department said the funds from these operations have been used to support North Korea’s nuclear and ballistic missile weapons programs.
“The North Korean regime continues to target American businesses through fraud schemes involving its overseas IT workers, who steal data and demand ransom,” Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley said in a statement. “Under President Trump, Treasury is committed to protecting Americans from these schemes and holding the guilty accountable.”
Today’s announcement builds off prior actions taken by the Biden administration to target North Korea-affiliated cryptocurrency theft schemes. In 2023, the Treasury Department first sanctioned one of the North Korean IT worker companies at the center of today’s announcement, dubbed Chinyong.
The Trump administration has markedly shifted from its predecessor, however, in its stated approach to coin mixing services used by bad actors to launder stolen cryptocurrency. While the Biden Treasury actively pursued sanctions against such decentralized intermediaries, the Trump administration has backed away in recent months from doing so, claiming it only wants to pursue the bad actors involved themselves.
Earlier this month, however, the Trump Department of Justice succeeded in getting a jury to convict Roman Storm, co-founder of popular coin mixing service Tornado Cash, of a criminal illegal money transmitting charge.
The DOJ then appeared to walk back its victory, pledging to a room of crypto industry leaders weeks later that it would no longer bring the charge it used to convict Storm against developers of “truly decentralized" software that does not take custody of user funds, even when the software is used by criminal entities to launder funds.