US Treasury Sanctions Alleged $800 Million North Korean IT Worker Fraud Operation
The U.S. Treasury Department sanctioned six individuals and two entities accused of helping North Korea use fraudulent IT workers to infiltrate American companies. This scheme generated nearly $800 million in 2024, funding North Korea’s nuclear and missile programs in violation of U.S. and UN sanctions. North Korean IT workers, using stolen identities and forged documents, secured remote jobs, then sent most of their earnings to the regime. Some workers also planted malware to steal proprietary data. Sanctioned individuals operated in several countries, including Vietnam, Laos, and Spain. Actions included laundering money, opening bank accounts, and converting millions into cryptocurrency for North Korean operatives. All U.S. assets of those sanctioned are frozen, and Americans are barred from business with them; foreign banks risk secondary sanctions for aiding these parties. North Korean state-sponsored hackers remain major perpetrators of crypto thefts, stealing over $2 billion in 2025 alone, including $1.5 billion from crypto exchange Bybit.
