U.S. Treasury Sanctions Network Linked to North Korean Crypto Fraud

TheNewsCryptoPublished on 2026-03-13Last updated on 2026-03-13

Abstract

The U.S. Treasury has sanctioned a network tied to North Korean IT workers involved in global cryptocurrency fraud schemes. These operatives used stolen identities and fake documents to secure remote IT jobs, then funneled their earnings to the North Korean government to fund weapons and ballistic missile programs. Many operated from countries like China and Russia while posing as legitimate employees, with companies unknowingly hiring them for software and crypto-related projects. Authorities linked the network to other cybercrimes, including hacking and identity fraud, which have generated billions in stolen crypto assets. Organizations are urged to strengthen identity checks to avoid inadvertently supporting sanctioned entities.

The United States Department of the Treasury sanctioned a network linked to North Korean IT workers. They were running cryptocurrency fraud schemes across the world. Reports indicate that the operatives secretly acquired remote IT jobs. Then, they redirected their earnings to the North Korean government through these networks. Investigators believe the program earned substantial revenues and used them to support Pyongyang’s weapons and ballistic missile programs worldwide. Reports indicate that North Korean operatives used stolen identities and fabricated documents to acquire remote IT jobs globally.

It is reported that many of these workers were operating in countries such as China and Russia. This was done while presenting themselves as legitimate workers worldwide. It is reported that many companies unknowingly recruited these workers to develop software, infrastructure, and cryptocurrency platforms globally. Michael Faulkender said that authorities will seek to block revenue channels that fund destabilizing activities in North Korea globally.

Cybercrime Network Raises Crypto Industry Security Concerns

Faulkender stated that the authorities remain committed to disrupting these cyber-enabled revenue operations in support of Pyongyang’s weapons development programs worldwide today. The investigators also associated the network with other worldwide cybercrime operations. Investigators recently revealed that operatives targeted cryptocurrency organizations and blockchain developers worldwide.

Security authorities have estimated that North Korea-sponsored cyberhackers stole billions from cryptocurrency organizations worldwide in recent years worldwide recently. Experts have revealed that these operations involve a combination of hacking activities, identity fraud schemes, and remote employment strategies. This was to raise revenue in cryptocurrencies worldwide.

Security authorities have urged organizations to heighten their identity verification when hiring remote technology workers worldwide in the global market. They have stated that this can help organizations avoid unknowingly remitting money to sanctioned networks associated with North Korea’s worldwide cyber operations and activities. The latest sanctions have revealed the ongoing efforts to restrict revenue streams associated with North Korea’s worldwide cyber activities and operations.

Highlighted Crypto News:

Kraken Announces Pi Network Listing Ahead of Pi Day, Boosting Interest in PI Coin

TagsBlockchainNorth KoreaU.SUS Treasury

Related Questions

QWhat did the U.S. Treasury sanction in relation to North Korean IT workers?

AThe U.S. Treasury sanctioned a network linked to North Korean IT workers who were running cryptocurrency fraud schemes worldwide.

QHow did the North Korean operatives acquire remote IT jobs according to the report?

AThey used stolen identities and fabricated documents to secretly obtain remote IT jobs globally.

QWhat was the primary purpose of the revenue generated by this fraudulent program?

AThe substantial revenues earned were used to support Pyongyang's weapons and ballistic missile programs.

QWhich countries were mentioned as locations where many of these operatives were working?

AMany of these workers were operating in countries such as China and Russia.

QWhat did security authorities recommend to organizations hiring remote technology workers?

AThey urged organizations to heighten their identity verification processes to avoid unknowingly sending money to sanctioned networks.

Related Reads

L1 is Dead, Long Live Appchain

"L1 is Dead, Appchain Rises" critiques the failure of current Layer-1 (L1) blockchain models, arguing their tokens are trending toward zero. The author identifies key flaws: linear token emissions that incentivize selling rather than value creation, weak value propositions like "gas token" and "governance" narratives, mismanagement by bloated "foundations" or "labs" that drain value through excessive spending and token sales, and poor industry leadership focused on short-term narratives and overhyped trends like RaaS and high TPS. The solution proposed is a fundamental shift. New L1 token models are needed, moving away from the "low float, high FDV" paradigm that disadvantages retail investors. Fundraising should be sufficient only for launch, not excessive. Token unlocks should be tied to real milestones like CEX listings or DeFi integration. The ultimate goal should be for L1 tokens to become widely used mediums of exchange, not just fuel for networks. Value is increasingly moving to the application layer, with successful apps building their own chains (appchains). The author concludes that L1s must build sustainable value by creating useful applications and services, fostering strong holder communities, and achieving self-sustainability without relying on continuous token emissions.

marsbit1h ago

L1 is Dead, Long Live Appchain

marsbit1h ago

An Open-Source AI Tool That No One Saw Predicted Kelp DAO's $292 Million Vulnerability 12 Days Ago

An open-source AI security tool flagged critical risks in Kelp DAO’s cross-chain architecture 12 days before a $292 million exploit on April 18, 2026—the largest DeFi incident of the year. The vulnerability was not in the smart contracts but in the configuration of LayerZero’s cross-chain bridge: a 1-of-1 Decentralized Verifier Network (DVN) setup allowed an attacker to forge cross-chain messages with a single compromised node. The tool, which performs AI-assisted architectural risk assessments using public data, identified several unremediated risks, including opaque DVN configuration, single-point-of-failure across 16 chains, unverified cross-chain governance controls, and similarities to historical bridge attacks like Ronin and Harmony. It also noted the absence of an insurance pool, which amplified losses as Aave and other protocols absorbed nearly $300M in bad debt. The attack unfolded over 46 minutes: the attacker minted 116,500 rsETH on Ethereum via a fraudulent message, used it as collateral to borrow WETH on lending platforms, and laundered funds through Tornado Cash. While an emergency pause prevented two subsequent attacks worth ~$200M, the damage was severe. The tool’s report, committed to GitHub on April 6, scored Kelp DAO a medium-risk 72/100—later acknowledged as too lenient. It failed to query on-chain DVN configurations or initiate private disclosure, highlighting gaps in current DeFi security approaches that focus on code audits but miss config-level and governance risks. The incident underscores the need for independent, AI-powered risk assessment tools that evaluate protocol architecture, not just code.

marsbit2h ago

An Open-Source AI Tool That No One Saw Predicted Kelp DAO's $292 Million Vulnerability 12 Days Ago

marsbit2h ago

Figma's Stock Drops Over 7%, Is Claude Design the One to End It All?

Figma's stock fell over 7% following Anthropic's announcement of Claude Design, an experimental AI-powered design tool. Driven by the Opus 4.7 model, Claude Design generates prototypes, slides, and visual content, directly challenging Figma and Canva. A key feature is its seamless handoff capability to Claude Code, enabling a closed loop from design to development. The tool automatically reads existing code and design files to create tailored design systems, though early users report high token usage and bugs. The release follows a series of strategic moves by Anthropic, including limited releases of advanced models and high-level regulatory meetings. With a rumored $800 billion valuation and potential IPO by October, Anthropic is shifting from selling AI models to building end-user products, positioning itself as a competitor rather than just a partner to its API users. While Claude Design is not yet a full replacement for professional tools, it threatens to redefine Figma’s user base by enabling rapid prototyping for non-designers and small teams.

marsbit2h ago

Figma's Stock Drops Over 7%, Is Claude Design the One to End It All?

marsbit2h ago

Financing Weekly | 15 Public Financing Events, Paxos Labs Completes $12 Million Financing Led by Blockchain Capital

Last week (April 13-19) saw 15 blockchain funding rounds totaling over $165 million. Key deals include Paxos Labs raising $12 million led by Blockchain Capital to build DeFi infrastructure for stablecoin issuance and lending. In AI+Web3, OpenGradient secured $9.5 million for its verifiable AI compute network. DeFi highlights include Brix's $5.5 million raise for emerging market asset tokenization and Votre's $3.75 million seed round for its on-chain crypto lending platform. In centralized finance, digital banking platform Slash closed a $100 million Series C. Prediction market platform Pumpcade raised $5 million, backed by Jump Crypto. Additionally, DePIN project SHARE completed a seed round led by Greenfield Capital.

marsbit2h ago

Financing Weekly | 15 Public Financing Events, Paxos Labs Completes $12 Million Financing Led by Blockchain Capital

marsbit2h ago

Trading

Spot
Futures
活动图片

Hot Categoriesright-arrow

Hot Tagsright-arrow