On-Chain Tracking | US Further Cracks Down on North Korean IT Worker Fraud Network Using Cryptocurrency to Fund Weapons of Mass Destruction, Sanctions 6 Individuals and 2 Entities

Odaily星球日报2026-03-14 tarihinde yayınlandı2026-03-14 tarihinde güncellendi

Özet

On March 12, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned six individuals and two entities involved in a Democratic People’s Republic of Korea (DPRK)-led IT worker fraud network. The scheme defrauded U.S. companies to fund DPRK’s weapons of mass destruction programs, with nearly $800 million involved in 2024 alone. The sanctioned individuals facilitated cryptocurrency exchange, money laundering, and IT operations for DPRK IT workers who used fake identities to infiltrate companies. Two entities, Amnokgang and Quangvietdnbg, were key operators. OFAC identified 21 cryptocurrency addresses linked to the network. One individual exchanged approximately $2.5 million in crypto for DPRK operatives. Chain analysis revealed significant outflows to various exchanges, including over 200,000 USDT and substantial amounts of Ethereum, Tether, and TRX. This action underscores ongoing efforts to combat DPRK’s use of crypto to evade sanctions and highlights the importance of robust anti-money laundering screening for virtual asset service providers.

On March 12, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) announced sanctions against 6 individuals and 2 entities involved in a North Korea-led IT worker fraud network. The announcement stated that these participants systematically defrauded U.S. companies to provide funding for weapons of mass destruction programs, with the amount involved in 2024 alone approaching $800 million.

https://home.treasury.gov/news/press-releases/sb0416

Sanctions Details

According to the U.S. OFAC disclosure, North Korea-controlled IT teams used forged documents, stolen identities, and fabricated personas to conceal their true identities and gain employment at legitimate companies in the U.S. and other countries. The North Korean government seizes the vast majority of these overseas IT workers' salaries, obtaining hundreds of millions of dollars in funding to support its weapons of mass destruction and ballistic missile programs. In some cases, North Korean-linked personnel also secretly implanted malicious software into corporate networks to steal proprietary and sensitive information.

This round of sanctions targets a total of 6 individuals (Nguyen Quang Viet, Do Pyong Kyong, Hoang Van Nguyen, Yun Song Guk, Hoang Minh Quang, York Louis Celestino Herrera), identified as providing substantial assistance to North Korean IT workers through cryptocurrency exchange, money laundering, bank account opening, IT business对接 (liaison), etc.; and 2 corporate entities (Amnokgang, Quangvietdnbg), identified as key operators and facilitators of the IT worker fraud network.

Sanctioned Address Analysis

This sanctions action locked a total of 21 cryptocurrency addresses. According to the OFAC notification, from mid-2023 to mid-2025, Quangvietdnbg's CEO Nguyen Quang Viet exchanged approximately $2.5 million worth of cryptocurrency for the North Korean side, identifying cryptocurrency as a key channel for North Korean IT workers to transfer funds and evade sanctions.

Analysis was conducted on these 21 addresses using the on-chain anti-money laundering analysis platform Beosin KYT and the tracking investigation tool Beosin Trace, with results as follows:

YUN, Song Guk (North Korean national, head of IT workers in Boten, Laos)

ETH:

0xb637f84b66876ebf609c2a4208905f9ddac9d075

0x95584C303FCd48AF5c6B9873015f2AD0ca84EaE3

According to Beosin Trace statistics, approximately 200,851 USDT previously flowed out to various centralized exchanges.

HOANG, Minh Quang (Collaborated to complete IT service transactions exceeding $70,000)

BTC: bc1qyy5pt5cx3zth8xlj92lq5y87dh8xv3nwgs4ncq

Previously, 0.57462 BTC flowed into a Coinbase account.

SIM, Hyon Sop (Representative of North Korea's Kwangsong Bank in China, 11 new addresses added)

Originally frozen address (ETH network):

0x4f47bc496083c727c5fbe3ce9cdf2b0f6496270c

This address had a liquid flow volume of 21,937,732.52 USDT and 2,071,126.59 USDC. Currently, 58,148.62 USDT remains dormant at this address.

Newly sanctioned addresses (ETH network):

0xd04E33461FEA8302c5E1e13895b60cEe8AEfda7F

0x76EA76CA4Eb727f18956aB93445a94c5280412B9

0xFb3eFf152ea55D1BfA04Dbdd509A80fD7b72cdEB

0xFda1Ec4A6178d4916b001a065422D31EBE5F62FF

0x747AFB5c7A7fc34B547cD0FDEbf9b91759C5a52b

Fund flow diagram as follows:

Approximately 98,139.11 USDT, 21,300 USDC, and 0.51268 ETH flowed out.

New TRX addresses:

TPDLpXxPcaSsupEZ3yrVksmNkYP5SLeKxu

TGXE9dGWawjfd3xqFSho1h1bRbRv9wUGrF

TNTFhgFoKH4srBMiWbfrVFqP2AThSmdwf1

TXhf9nU9bjo1j9z5qEesHdr6gtdndfnA4T

TK17wfSPp32RWrnzZPrGpv7TxdNFvvvE2s

TYeQD2VddTZ9NkFkAnT9DD8cUGetGUQZB2

Approximately 6,236.74 TRX and 999,014.46 USDT flowed out.

Same address cross-chain:

ARB: 0x4f47bc496083c727c5fbe3ce9cdf2b0f6496270c

BSC: 0x4f47bc496083c727c5fbe3ce9cdf2b0f6496270c

1,133,025.26 USDT, 935,943.84 BUSD, and 17,811.05 USDC flowed out to various centralized exchanges.

AMNOKGANG TECHNOLOGY DEVELOPMENT COMPANY

ETH:

0xcB74874f1e06Fcf80A306e06e5379A44B488bA2D

0x0330070FD38Ec3bB94F58FA55D40368271E9e54A

0x9Be599d7867f5E1a2D7Ec6dB9710dF2b98A15573

A total of approximately 205.02 ETH, 274,531.15 USDT, and 228,496.97 USDC were involved. Among these, 96.05 ETH remains dormant in address 0x9be599d7867f5e1a2d7ec6db9710df2b98a15573.

Tron network

TNrX2FwrHKoo4XACGkmSzqeK4pdnKYn6Z7

TEEYCuGDyeNkuDj4u6GQRXxXo3Nh29r2vP

TZB4NrX7k9ZsV6PRc1GigAztLL8WHpLvwP

TDe2UNAvuUnTbbDo7518eMe3TXN5qJW8Ft

2,744.75 TRX and 4,941,817.62 USDT flowed out to various centralized exchanges.

Beosin Anti-Money Laundering Recommendations

This action is another measure by the U.S. Treasury Department to continuously combat North Korea's use of cryptocurrency to evade sanctions. For the virtual asset industry, how to conduct anti-money laundering compliance screening and identify addresses involved in high-risk funds has become a key capability for Virtual Asset Service Providers (VASPs).

İlgili Sorular

QWhat action did the U.S. Treasury's OFAC take on March 12 regarding North Korean IT workers?

AThe U.S. Treasury's Office of Foreign Assets Control (OFAC) sanctioned 6 individuals and 2 entities involved in a North Korean-led IT worker fraud network.

QHow much money was involved in the fraudulent activities in 2024, according to the OFAC announcement?

AThe amount involved in the fraudulent activities in 2024 was nearly $800 million.

QWhat was the primary purpose of the funds obtained by the North Korean government through these IT workers?

AThe North Korean government seized the vast majority of the overseas IT workers' salaries to obtain hundreds of millions of dollars in funding for its weapons of mass destruction and ballistic missile programs.

QHow many cryptocurrency addresses were sanctioned in this action, and which platform was used to analyze them?

AA total of 21 cryptocurrency addresses were sanctioned. They were analyzed using the Beosin KYT on-chain anti-money laundering analysis platform and the Beosin Trace investigation tool.

QWhat key capability is mentioned as crucial for Virtual Asset Service Providers (VASPs) in light of these actions?

AFor Virtual Asset Service Providers (VASPs), the key capability mentioned is conducting anti-money laundering compliance screenings to identify addresses involved with high-risk funds.

İlgili Okumalar

The AI Cycle Is Here: Should Web3 Entrepreneurs Pivot to AI?

The article discusses whether Web3 entrepreneurs should pivot to AI amid the growing AI trend, using the metaphor of "raising lobsters" to symbolize the current hype. It notes that while Web3 projects are exploring AI agents for blockchain interactions, identity systems, and payments, many teams are merely chasing narratives rather than building sustainable products. The author cautions against abrupt shifts to AI, highlighting the high barriers, intense competition, and the risk of abandoning hard-earned Web3 expertise. Instead, they suggest a hybrid approach: leveraging Web3’s strengths—such as decentralized data verification, identity management, and micro-payment systems—to address AI’s unresolved challenges like data provenance, agent collaboration, and automated settlements. Key considerations for Web3 teams include assessing their core competencies (e.g., data infrastructure, identity protocols, or application layers), identifying real-world use cases with paying users, and evaluating existing resources (data networks, developer ecosystems) to avoid building in isolation. The goal is to abandon narrative-driven pivots and focus on practical integrations where crypto and AI complement each other.

marsbit26 dk önce

The AI Cycle Is Here: Should Web3 Entrepreneurs Pivot to AI?

marsbit26 dk önce

Disney's Olaf Robot Goes Viral, Trump Postpones Visit to China...

Here is a summary of the key discussions from crypto KOLs on X over the past 24 hours: **Disney's Olaf Robot Steals the Show at GTC:** A highly advanced, animatronic Snowman Olaf from Disney became a major talking point at the conference. Users noted its "humanized interaction" capabilities, powered by the Jetson AGX Thor chip, which allows for real-time multi-modal reasoning and complex motion training. This was seen as a significant milestone for AI scaling laws entering the physical world. Some pointed out that the on-stage dialogue was pre-recorded and that a similar robot has existed for years. **Trump Postpones Visit to China:** Former President Donald Trump's decision to delay a planned trip to China was widely discussed. Commentators characterized the move as typical of his unpredictable, "随心所欲" (whimsical) nature. Some speculated he might be "operating a prediction market," with one user quipping, "The first rule of winning: never go where you lose." **Yi Lihua Announces New Fund:** Crypto investor Yi Lihua announced he is preparing a new fund platform. The community response was mixed and skeptical. Replies ranged from praising his good attitude to accusations of market manipulation, suggesting his public statements are often contrary to his actual actions, such as secretly shorting the market or encouraging others to "lift the sedan chair" for his exit. **KOLs on Passive Income:** Several key opinion leaders shared their views and strategies for generating passive income, though specific details of these discussions were not elaborated in the provided text.

比推28 dk önce

Disney's Olaf Robot Goes Viral, Trump Postpones Visit to China...

比推28 dk önce

‘Liquidity still low’- Bitcoin’s $75K rally looks fragile, warns analysts

Despite Bitcoin's recovery to $75,000, analysts from Amberdata warn that the rally appears fragile due to structurally weak orderbook liquidity, which remains below pre-October crash levels. Current liquidity, though improved to over $30 million, is still insufficient compared to the $40 million+ considered healthy, making the market vulnerable to large downward moves if selling pressure returns. A decline below $25 million in liquidity, combined with high volume, could trigger significant liquidation cascades. Additionally, increased Bitcoin inflows and potential resistance near $75,000–$85,000 may cool the rally. For a sustained breakout, Bitcoin must firmly hold above $75,000 as support, indicating strong spot-driven demand.

ambcrypto58 dk önce

‘Liquidity still low’- Bitcoin’s $75K rally looks fragile, warns analysts

ambcrypto58 dk önce

Dogwifhat Jumpstarting The Solana Meme Coin Season: Analyst Predicts 750% Rally For WIF

The Solana meme coin season is potentially being jumpstarted by Dogwifhat (WIF), with analyst John Carter predicting a massive 750% price rally. Carter's technical analysis points to a descending channel pattern on WIF's chart, with the coin currently testing a critical support zone between $0.170 and $0.185. He suggests this indicates potential accumulation and a staged recovery, targeting key resistance levels at $0.27, $0.36, $0.48, $0.70, $0.85, and $1.03, with the upper channel boundary near $1.35 representing the final profit-taking zone. This outlook comes as WIF experiences a 15% weekly surge, rebounding from a prolonged bearish trend and leading a recovery in meme coins alongside Dogecoin and Shiba Inu.

bitcoinist1 saat önce

Dogwifhat Jumpstarting The Solana Meme Coin Season: Analyst Predicts 750% Rally For WIF

bitcoinist1 saat önce

Fourth Payout: FTX Recovery Trust Plans ~$2 Billion Distribution To Creditors At Month-End

FTX and its Recovery Trust will begin the fourth distribution to creditors on March 31, 2026, with approximately $2.2 billion to be paid. Eligible claimants will receive funds via their chosen provider—BitGo, Kraken, or Payoneer—within one to three business days. This follows previous distributions in February, May, and September 2025. Under the established priorities, US Customer Entitlement Claims will receive a 5% distribution, achieving full 100% cumulative recovery. Other classes, including General Unsecured Claims and Digital Asset Loan Claims, will also reach 100% recovery, while Convenience Claims will total 120%. Additionally, a payment to preferred equity holders is scheduled for May 29, 2026. Meanwhile, FTX’s native token FTT traded at $0.28, down nearly 8% in 24 hours.

bitcoinist2 saat önce

Fourth Payout: FTX Recovery Trust Plans ~$2 Billion Distribution To Creditors At Month-End

bitcoinist2 saat önce

İşlemler

Spot

Futures