An Arizona woman has been sentenced to over eight years in federal prison for helping North Korean operatives fraudulently secure jobs at U.S. cryptocurrency and tech companies.
Christina Marie Chapman received a 102-month sentence—roughly 8.5 years—after being convicted of wire fraud conspiracy, aggravated identity theft, and money laundering conspiracy, according to a Thursday statement from the U.S. Attorney’s Office for the District of Columbia.
Prosecutors said Chapman collaborated with individuals linked to the Democratic People’s Republic of Korea (DPRK) to help them pose as U.S. citizens and obtain remote IT jobs at more than 300 U.S.-based firms. The scheme reportedly generated over $17 million in illegal earnings.
Chapman pleaded guilty on February 11. In addition to prison time, she was sentenced to three years of supervised release, ordered to forfeit more than $284,000, and pay nearly $177,000 in restitution.
DPRK infiltration is an escalating concern
This case ranks among the largest DPRK-linked IT worker schemes ever prosecuted by the U.S. Department of Justice. It involved the theft of identities from 68 U.S. citizens and the defrauding of 309 American companies, along with two international firms.
However, such incidents are becoming increasingly common. Recent reports revealed that four North Korean operatives infiltrated a U.S. crypto startup and a Serbian virtual token firm by posing as remote IT workers. Using stolen and fabricated identities, they managed to steal over $900,000.
Earlier this month, the U.S. Treasury imposed sanctions on two individuals and four entities tied to a North Korea-operated IT worker ring. The group allegedly targeted crypto companies to exploit them financially. In a post on X, the Treasury Department stated that the regime uses these illicit proceeds to fund its weapons of mass destruction programs.
Last month, hackers masquerading as legitimate IT professionals infiltrated several Web3 projects, making off with approximately $1 million in cryptocurrency.
In early April, Jamie Collier, an adviser with Google’s Threat Intelligence Group (GTIG), issued a warning that North Korean infiltrators had also been discovered within UK-based crypto companies. Reports from late November 2024 further revealed that DPRK-linked hackers had successfully breached “hundreds” of major multinational IT firms.
Legal consequences for US firms?
Some legal experts caution that companies unknowingly hiring fraudulent workers could still face liability under U.S. sanctions law. Crypto-focused attorney Aaron Brogan told Cointelegraph that U.S. sanctions frameworks are “quite broad” and operate under a “strict liability” standard.
“Anyone who engages in sanctioned activity, knowingly or not, is technically culpable,” Brogan said.
Niko Demchuk, head of legal at crypto compliance firm AMLBot, echoed the warning, stating that paying developers tied to North Korea “is generally a breach” of regulations enforced by the U.S. Treasury’s Office of Foreign Assets Control (OFAC).
Demchuk added that companies involved in such transactions risk civil and criminal penalties, reputational damage, secondary sanctions, and violations of banking or export control laws. He emphasized that the use of stolen identities by DPRK actors offers no legal shield.
“If DPRK developers use fake or stolen identities to bypass company sanctions compliance checks and receive payments, the companies could still face legal trouble under OFAC regulations.“
Still, Brogan said, OFAC is probably unlikely to pursue companies that unknowingly hired fraudulent workers.” He said the situation changes “if the scope of work was very sensitive and they didn’t observe reasonable identification verification procedures.”
