An Arizona woman has been sentenced to more than eight years in federal prison for helping North Korean operatives infiltrate US cryptocurrency and tech firms using stolen identities and fraudulent documents.
According to a Thursday announcement by the US Attorney’s Office for the District of Columbia, Christina Marie Chapman was convicted of wire fraud conspiracy, aggravated identity theft and money laundering conspiracy. She was sentenced to 102 months, or roughly 8.5 years in prison.
Prosecutors said Chapman worked with operatives tied to the Democratic People’s Republic of Korea (DPRK) to obtain remote IT positions at more than 300 U.S.-based companies. The North Korean workers posed as US citizens and residents, and the scheme generated over $17 million in illicit revenue.
Chapman pleaded guilty on Feb. 11. In addition to her prison sentence, Chapman was ordered to serve three years of supervised release, forfeit more than $284,000 in funds tied to the scheme and pay nearly $177,000 in restitution.
Report: Prosecutors link Roman Storm to DPRK hackers in trial opening statements
The case is one of the largest DPRK information technology worker schemes charged by the US Department of Justice. It involved the theft of 68 US persons’ identities and the defrauding of 309 US businesses and two international companies.
Still, this is far from a rare occurrence. Recent reports indicate that four North Korean individuals infiltrated a US crypto startup and a Serbian virtual token company by posing as remote IT workers, using stolen and fabricated identities, stealing over $900,000.
Earlier this month, the US Treasury sanctioned two people and four entities involved in what it says was a North Korea-run IT worker ring that would infiltrate crypto companies, aiming to exploit them. The US Treasury Department explained in an X post at the time that North Korea uses the ill-gotten funds to finance its weapons of mass destruction program.
Last month, hackers posing as legitimate information technology (IT) workers infiltrated Web3 projects, stealing roughly $1 million in cryptocurrency.
In early April, Google Threat Intelligence Group (GTIG) adviser Jamie Collier warned that DPRK infiltrators have also been found in UK crypto companies. According to late November 2024 reports, North Korean hackers were able to infiltrate “hundreds” of large, multinational information technology firms.
Related: Researchers foil $10M DeFi backdoor in thousands of smart contracts
Some legal experts warn that companies hiring fraudulent workers could be held liable under US sanctions law, even if they were unaware of the workers’ true identities. Crypto-focused US lawyer Aaron Brogan told Cointelegraph that US sanctions regimes “are quite broad and impose a ‘strict liability’ regime.” “Anyone who engages in sanctioned activity, knowingly or not, is technically culpable.”
Niko Demchuk, head of legal at crypto compliance firm AMLBot, also told Cointelegraph that paying DPRK-based developers “is generally a breach of the US Department of the Treasury’s Office of Foreign Assets Control (OFAC).”
He said companies involved in such activities risk civil penalties, criminal fines, reputational damage, secondary sanctions, and banking or export control violations. He added that DPRK actors’ use of stolen identities is no excuse:
“If DPRK developers use fake or stolen identities to bypass company sanctions compliance checks and receive payments, the companies could still face legal trouble under OFAC regulations.”
Still, Brogan said, OFAC is probably unlikely to pursue companies that unknowingly hired fraudulent workers.” However, he said the situation changes “if the scope of work was very sensitive and they didn’t observe reasonable identification verification procedures.”
