DOJ Charges Four North Korean Hackers in $900K Crypto Theft Targeting U.S. and Global Firms

The U.S. Department of Justice has charged four North Korean nationals with stealing nearly $900,000 in cryptocurrency by infiltrating blockchain companies using fake identities. According to the indictment unsealed on June 30, the group posed as remote IT workers to gain access to crypto firms’ internal systems—then siphoned digital assets to fund the North Korean regime.

Four North Koreans Charged in Nearly $1 Million Cryptocurrency Theft Scheme

Four North Korean nationals, Kim Kwang Jin (김관진), Kang Tae Bok (강태복), Jong Pong Ju (정봉주), and Chang Nam Il (창남일), have been charged in a five-count wire fraud and money laundering indictment arising from a scheme to be hired as remote IT workers and then steal and launder over $900,000 in virtual currency.

DOJ USAO Northern District of Georgia logo

The suspects—Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il—allegedly targeted an Atlanta-based blockchain research firm and a Serbian virtual token company. Using stolen identities and falsified credentials, they secured employment and obtained critical access to virtual asset infrastructure.

Prosecutors say the thefts occurred in early 2022. Jong allegedly stole $175,000 in February by directly accessing company systems, while Kim modified smart contract code the following month to steal another $740,000. The funds were then laundered through crypto mixers and accounts tied to fake Malaysian identities, reportedly managed by the other two defendants, Kang and Chang.

Federal officials see this case as part of a broader trend in North Korean cybercrime. The country’s government-backed hackers have long targeted the cryptocurrency space, using it as a workaround to international sanctions. By posing as freelance developers or IT contractors, they embed themselves in global companies and quietly extract digital assets.

Google’s Threat Intelligence Group recently highlighted this tactic, reporting a spike in fake developer profiles tied to North Korea. In some cases, a single operative used over a dozen aliases to land jobs across Europe and the U.S., often in positions that granted backend access to blockchain systems.

Many of these individuals are believed to be working for or alongside state-sponsored hacking units like the Lazarus Group, which has been linked to several major crypto heists—including the $600 million Ronin Bridge attack in 2022 and a $1.4 million exploit of Bybit earlier this year.

FBI Special Agent Paul Brown commented on the latest charges, stating:

“North Korean operatives used false identities to infiltrate companies and steal digital assets to fund their regime. The FBI is committed to exposing these threats and holding cybercriminals accountable.”

As cryptocurrency becomes a battleground for international cybercrime, the DOJ’s latest case underscores the growing risk companies face from deceptive and state-sponsored actors. With North Korea ramping up its digital infiltration tactics, cybersecurity and due diligence in hiring remain more important than ever.