- DOJ Seizes $15M in Stolen Crypto Linked to North Korea
- FBI Targets North Korean Hackers with Ongoing Forfeiture Investigation
- Five Plead Guilty for Helping North Korean IT Workers Infiltrate U.S.
The U.S. Department of Justice (DOJ) has moved to seize more than $15 million in stolen cryptocurrency linked to North Korean hackers. The funds, primarily in Tether’s USDT stablecoin, were stolen as part of a series of cyberattacks conducted by the notorious North Korean hacking group, Advanced Persistent Threat 38 (APT38).
These heists, which targeted multiple virtual currency platforms in 2023, have now led to the DOJ filing two civil forfeiture complaints seeking to keep the stolen assets.
FBI Seizure and Ongoing Investigation
The seized $15.1 million was part of a broader effort by APT38 to steal and launder cryptocurrency. The FBI seized the funds in March 2025 and is now seeking court approval to forfeit the assets and return them to their rightful owners.
While the DOJ has not confirmed the exact hacks involved, indications point to major incidents, including the November 2023 hack of the Poloniex exchange, the $37 million hack of CoinsPaid, and the $60 million attack on payments processor Alphapo, all of which were attributed to APT38.
In its ongoing investigation, the DOJ highlights the challenges posed by North Korea’s methods of laundering stolen cryptocurrency through virtual currency bridges, mixers, and exchanges. Despite these efforts, law enforcement continues to track the movement of illicit funds, with further actions expected as the investigation progresses.
Guilty Pleas in Fraud Scheme Involving U.S. and Foreign Nationals
The DOJ also announced that it has secured guilty pleas from five individuals involved in a scheme to help North Korean IT workers infiltrate U.S. companies. Four U.S. citizens (Audricus Phagnasay, Jason Salazar, Alexander Paul Travis, and Erick Ntekereze Prince) pleaded guilty to wire fraud conspiracy charges.
These individuals admitted to providing their identities and hosting company-issued laptops, making it appear as if North Korean workers were based in the United States.
International Collaboration in Combating North Korean Cybercrime
Additionally, Ukrainian national Oleksandr Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing U.S. citizens’ identities and selling them to North Korean IT workers. Didenko facilitated the placement of North Korean workers at 40 U.S. companies, generating over $2.2 million in revenue for North Korea. As part of his plea deal, Didenko agreed to forfeit more than $1.4 million.
This scheme, which affected more than 136 U.S. companies and compromised the identities of over 18 individuals, highlights the growing reliance by North Korea on remote IT work to bypass international sanctions. North Korean IT workers, earning as much as $300,000 annually, have become a significant revenue stream for the regime, further funding programs under the country’s Ministry of Defense.
As investigations into these cybercrimes continue, the DOJ remains committed to holding those involved in enabling North Korean illicit activities accountable.
