US Sanctions North Korea Over Crypto Theft
2025-07-09
Tensions between the United States and North Korea have escalated again, this time over cryptocurrency theft and infiltration schemes.
On July 9, the US Treasury announced sanctions against individuals and companies linked to operations designed to steal crypto and secretly fund North Korea’s missile development.
These measures show how serious the US is about cracking down on North Korean cyber activities. While Pyongyang has long been infamous for high-profile hacks by groups like Lazarus, it is now moving to stealthier tactics: infiltration and deception.
Key Takeaways
- The US sanctioned North Korean and Russian individuals and companies accused of helping IT workers infiltrate American crypto firms.
- These workers allegedly funded North Korea’s missile programs by posing as remote employees.
- Experts say North Korea is shifting away from massive hacks and focusing more on deception-based schemes.
- The sanctions freeze US assets linked to the accused and ban any business dealings with them.
What Prompted the Sanctions on North Korean Tech Workers?
According to the Treasury’s Office of Foreign Assets Control (OFAC), North Korea has been planting IT professionals in US companies.
These workers used stolen American identities to secure remote jobs. Once inside, they allegedly stole funds or sensitive data.
One of the people sanctioned, Song Kum Hyok, was accused of gathering personal information to create fake profiles for North Korean operatives. Another, Russian national Gayk Asatryan, reportedly ran companies that hired dozens of North Korean IT workers under contracts with Pyongyang’s trading firms.
The US also named four Russian companies that facilitated these operations. Any US-based assets connected to them are now frozen. Americans are banned from conducting any transactions with the sanctioned parties.
Why Is North Korea Targeting Crypto Companies?
North Korea has relied on cybercrime for years to fund its government and weapons programs.
But in recent years, its focus on crypto has intensified. Digital assets are easier to move, harder to trace, and often don’t have the same oversight as banks.
Groups like Lazarus have pulled off billion-dollar heists. For example, the Bybit exploit earlier this year resulted in a loss of $1.5 billion.
However, blockchain firm TRM Labs says North Korea's approach is now evolving. Instead of only hacking exchanges, its operatives are infiltrating companies to earn money over time.
How Big Is This Operation?
The scale is enormous. OFAC said North Korea has dispatched thousands of skilled IT workers around the world, mainly in Russia and China. They target wealthier nations where crypto companies are more common.
While it’s hard to measure the full impact, TRM Labs estimates North Korean-linked actors are behind $1.6 billion of the $2.1 billion stolen in 75 crypto hacks so far in 2025. That figure shows just how sophisticated these networks have become.
What Are the Consequences of These Sanctions?
The sanctions freeze all US assets tied to the accused people and companies. It is now illegal for Americans to do any business with them. Violations can lead to heavy civil or criminal penalties.
For the crypto industry, this is another warning sign that compliance requirements are likely to get tougher. Exchanges and DeFi platforms may need to strengthen identity checks and anti-money laundering controls to avoid penalties.
The US Treasury said it will keep using every tool possible to cut off North Korea’s access to funds. Officials hope this will slow Pyongyang’s missile development and weaken its cyber operations.
Are These Sanctions a Shift From Past Tactics?
Yes. In the past, the US mainly targeted well-known hacking groups like Lazarus. While those groups are still active, infiltration through fake employment is harder to detect.
The Treasury confirmed North Korea’s tactics are changing. TRM Labs said that while hacks remain a big problem, infiltration schemes are now a top strategy. This shift means companies can’t rely only on cybersecurity tools. They need to vet employees closely, especially for remote positions.
What Does This Mean for Crypto Security?
This development shows how crypto’s borderless nature makes it appealing to cybercriminals. Even with better security, deception and social engineering can still get through.
Firms will probably respond by tightening KYC rules and screening employees more thoroughly. Some may limit remote work from regions known for these threats.
For investors and traders, the risks of scams and compromised platforms will keep growing as North Korea refines its approach. Staying cautious and using trusted exchanges is more important than ever.
FAQ
What did the US accuse North Korea of doing?
The US accused North Korea of sending thousands of IT workers abroad to pose as employees, infiltrate crypto companies, and steal funds to support missile programs.
Why did the US sanction Russian companies and individuals?
Russian companies and individuals were sanctioned because they helped North Korean workers get jobs and move money by signing contracts with North Korean trading firms.
Is North Korea still hacking exchanges?
North Korea is still hacking exchanges, but it is also focusing more on infiltration and deception to earn revenue gradually.
How much crypto has North Korea stolen recently?
TRM Labs estimates North Korean-linked actors stole about $1.6 billion in the first half of 2025 alone.
What can companies do to protect themselves?
Companies should strengthen identity checks, monitor unusual access patterns, and be careful when hiring remote workers from higher-risk regions.
