
DOJ busts four North Korean hackers in $900K crypto theft



Four North Korean nationals have been charged by the U.S. Department of Justice for stealing nearly $1 million in cryptocurrency from American and international blockchain companies.

According to the indictment released on Monday, June 30, the suspects allegedly posed as remote IT workers, gained access to sensitive systems, and drained crypto wallets as part of a broader effort to fund the North Korean regime.

The defendants, named Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il, allegedly used fake identities and stolen personal information to land jobs at a blockchain R&D firm based in Atlanta and a Serbian virtual token company. 

Once hired, two of the defendants, Kim and Jong, were given access to virtual asset systems. Prosecutors explained that Jong first stole about $175,000 in February 2022, and a month later, Kim modified their employer’s smart contract source code to take an additional $740,000.

The stolen funds were laundered using crypto mixers and sent through exchange accounts opened with fake Malaysian IDs, which were allegedly controlled by the other two defendants, Kang and Chang.

U.S. officials say the scheme is part of a broader pattern, with North Korean hackers increasingly using cyber tactics to evade sanctions and steal from unsuspecting companies. Crypto security experts also recently raised concerns about this trend, warning that DPRK-linked developers are increasingly showing up in the crypto job market, using fake resumes to gain internal access and quietly drain funds.

North Korean IT workers target crypto and tech firms

Malicious actors linked to North Korea have had a long-running presence in the crypto industry, often tied to some of the biggest and most damaging thefts ever recorded. In April, Google’s Threat Intelligence Group reported a rise in DPRK-linked IT workers infiltrating crypto and tech companies across several countries, using fake identities and forged references.

In one case, a single individual was found operating under at least 12 different aliases across Europe and the U.S., targeting companies in both the defense and blockchain sectors.

These workers typically seek roles involving blockchain and smart contract development, positions that put them close to sensitive systems and assets. It’s a tactic that lines up with North Korea’s known efforts to exploit the crypto industry for financial gain.

Some of these IT contractors also act as front-line operators for state-sponsored hacking units like the Lazarus Group, which has repeatedly been linked to high-profile crypto thefts. Lazarus was behind the $600 million Ronin Bridge hack in 2022 and was also flagged for involvement in the $1.4 million Bybit attack in February this year.

Commenting on the latest indictment, FBI special agent Paul Brown emphasized that enforcement actions against these malicious actors will not stop. “North Korean operatives used false identities to infiltrate companies and steal digital assets to fund their regime,” he said, adding that “The FBI is committed to exposing these threats.”


