The U.S. Treasury Department imposed sanctions on six individuals and two companies, saying they helped North Korea convert $800 million into cryptocurrency in 2024 to launder and fund its weapons of mass destruction (WMD) programs.
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) said on Thursday that the operation placed IT workers with foreign companies and transferred their earnings back to Pyongyang. The network operates in several countries including Vietnam, Laos and Spain, according to the Treasury Department.
The Democratic People’s Republic of Korea (DPRK) has been targeting cryptocurrency protocols and networks for years to steal and launder money. Hackers linked to the country stole a record $2 billion in cryptocurrency last year, according to blockchain analytics firm Chainaanalysis.
Chainaanalysis said in a post on its website that the sanctioned network relies on a variety of crypto infrastructure, including centralized exchanges, custodial wallets, decentralized finance (DeFi) services and cross-chain bridges to facilitate the flow of funds.
OFAC’s designations include 21 crypto wallet addresses across multiple blockchains, including Ethereum, Tron and Bitcoin, reflecting what Chainaanalysis researchers describe as North Korea’s increasing use of multi-chain approaches to move and conceal illicit funds.
“The North Korean regime targets American companies through deceptive schemes conducted by its overseas IT personnel, who weaponize sensitive data and extort huge payments from businesses,” U.S. Treasury Secretary Scott Bessent said in a statement.
North Korea-backed teams used fraudulent documents, stolen identities and fabricated personas to gain employment at legitimate companies, including those of the United States and its allies, according to the Treasury Department.
The North Korean government then reportedly embezzled much of the wages earned by these overseas IT workers, earning hundreds of millions of dollars for its weapons of mass destruction and ballistic missile programs. Some employees were able to introduce malware into corporate networks to extract proprietary and sensitive information.
Those sanctioned include Nguyen Quang Viet, CEO of Vietnam-based Quangvietdnbg International Services Co., which the U.S. Treasury said converted approximately $2.5 million into cryptocurrency for North Korean actors between mid-2023 and mid-2025.
