From Code to Crypto Theft: DOJ Charges Four North Koreans for Infiltrating U.S. Companies and Laundering $900K in Virtual Currency

In a high-stakes cybercrime case with international ramifications, the U.S. Department of Justice has unsealed a five-count indictment charging four North Korean nationals with executing a stealthy and sophisticated scheme to steal and launder more than $900,000 in virtual currency—money authorities say was funneled back to fund the DPRK’s weapons programs.

“The defendants used fake and stolen personal identities to conceal their North Korean nationality, pose as remote IT workers, and exploit their victims’ trust to steal hundreds of thousands of dollars,” said U.S. Attorney Theodore S. Hertzberg of the Northern District of Georgia.

The individuals charged—Kim Kwang Jin (김관진), Kang Tae Bok (강태복), Jong Pong Ju (정봉주), and Chang Nam Il (창남일)—allegedly posed as remote IT professionals working for an Atlanta-based blockchain company and a Serbian crypto startup. In reality, they were highly trained operatives dispatched by North Korea’s government to infiltrate and exploit tech firms from within.

According to court documents, the defendants relied on stolen identities, fraudulent documents, and aliases like “Bryan Cho” and “Peter Xiao” to deceive employers and gain privileged access to digital infrastructure.

“North Korean operatives used false identities to infiltrate companies and steal digital assets to fund their regime,” said Paul Brown, Special Agent in Charge of FBI Atlanta.

Once embedded inside these companies, the North Korean developers were assigned access to sensitive projects—including direct control over smart contracts and wallet credentials. Authorities allege that:

• In February 2022, Jong Pong Ju used his access to steal $175,000 in virtual currency.
• In March 2022, Kim Kwang Jin stole another $740,000 by modifying smart contract source code to redirect assets.

“These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs,” said John A. Eisenberg, Assistant Attorney General for National Security.

After executing the digital heists, the stolen crypto was laundered through a virtual currency mixer and routed through exchange accounts held by co-defendants Kang Tae Bok and Chang Nam Il. These exchange accounts were created using fraudulent Malaysian identity documents, further obscuring the money trail.

“To launder the funds after the thefts… the funds were transferred to exchange accounts controlled by the defendants but held in the names of aliases.”

The four defendants were formally indicted on June 24, 2025, by a grand jury in Georgia.

Related Posts:

• DOJ Dismantles North Korean IT Job Scam: Stolen Identities & Laundering Funded DPRK Weapons
• India announces to use artificial intelligence to develop weapon systems
• Millions Stolen: North Korea Hackers Target Blockchain Industry
• DPRK IT Workers: A Global Threat Expanding in Scope and Scale
• RMM Tools: The New Weapon of Choice for Cybercriminals