New convictions and a fresh $15 million seizure highlight widening efforts to dismantle DPRK-linked cyber finance operations
The United States has stepped up its campaign against North Korea’s illicit digital finance operations, securing a new round of criminal convictions and confiscating millions in cryptocurrency connected to state-backed cyber groups. The actions reflect a growing push by federal agencies to disrupt how sanctioned actors move money through U.S. companies and global crypto platforms.
DOJ targets domestic facilitators
According to officials, five individuals pleaded guilty to helping North Korean IT operatives infiltrate U.S. workplaces by providing stolen identities, falsified documents and remote employment setups. These “shadow workers” earned salaries from dozens of American firms, funneling the proceeds back to the Democratic People’s Republic of Korea.
Investigators say these operations form part of a larger strategy to finance weapons development and evade sanctions. One senior counterintelligence official noted that “North Korea continues to run a sophisticated global network designed to extract funds from U.S. businesses through deception.” He urged companies to strengthen background checks and remote-worker verification systems.
$15 million in USDT seized from DPRK-linked cyber heists
Alongside the convictions, the Justice Department announced the recovery of another $15 million in Tether (USDT) tied to high-profile crypto breaches attributed to Advanced Persistent Threat 38, a hacking group widely believed to operate under North Korea’s military intelligence apparatus. U.S. agencies have been tracking APT38 for years as it carries out multimillion-dollar raids on digital asset platforms.
A cybersecurity analyst familiar with the matter said the seizure underscores the scale at which DPRK cyber units target blockchain systems to generate hard currency.
The announcement follows a broader enforcement push earlier in the week, when federal agencies revealed the creation of a Strike Force targeting global scam compounds — sources of “pig-butchering” schemes run largely from Southeast Asia. Authorities reported an additional $80 million in recovered funds, which will be used to compensate victims.
Uncertainty over future U.S. crypto reserves
What remains unclear is how much of these seized assets could ultimately be directed into the proposed federal digital asset reserves championed by the current administration. Plans call for a dedicated Bitcoin reserve sourced from forfeitures and a separate pool for other assets, though officials have signaled that congressional approval may be required before the structure becomes permanent.
Together, the latest seizures and prosecutions highlight an intensifying effort to counter North Korea’s digital revenue engines — and to shape how the U.S. manages the growing pool of confiscated crypto assets.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.