Four North Korean nationals have been charged with wire fraud and money laundering in Georgia after allegedly masquerading as remote IT workers to infiltrate U.S. and Serbian blockchain companies, stealing nearly $1 million in cryptocurrency, federal prosecutors announced Monday.
According to the U.S. Department of Justice (DOJ), the individuals—Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il—used fake and stolen identities to hide their North Korean nationality while posing as freelance IT developers.
The group is believed to have operated out of the United Arab Emirates in 2019 before securing remote positions at an Atlanta-based blockchain startup and a Serbian virtual token company between late 2020 and mid-2021.
Prosecutors say Kim and Jong submitted forged and stolen identification documents to land their jobs—an approach U.S. Attorney Theodore S. Hertzberg described as a “unique threat” to companies employing remote IT professionals.
Four North Koreans Accused of Stealing $915,000 in Cryptocurrency
After gaining insider access, the defendants allegedly exploited their positions to steal significant amounts of cryptocurrency. In February 2022, Jong diverted approximately $175,000, followed by Kim, who in March exploited vulnerabilities in smart contract source code to steal an additional $740,000.
According to investigators, the stolen funds were laundered through crypto mixers and funneled into exchange accounts controlled by Kang and Chang, all of which were set up using fake Malaysian identification documents.
“These operations are designed to target U.S. companies, circumvent sanctions, and funnel money into North Korea’s illicit activities, including its weapons programs,” said John A. Eisenberg, Assistant Attorney General for National Security.
The case was part of the DOJ’s DPRK RevGen: Domestic Enabler Initiative, a program launched in 2024 targeting North Korea’s illicit revenue streams and US-based enablers.
DOJ Targets North Korean Cryptocurrency Fraud Scheme
In a separate operation, federal agents carried out coordinated raids in 16 states, seizing nearly 30 financial accounts, more than 20 fraudulent websites, and around 200 computers from so-called “laptop farms” used by North Korean operatives to disguise themselves as U.S.-based remote workers.
On Sunday, the DOJ revealed that North Korean IT workers had impersonated U.S. citizens using stolen identities to secure jobs at more than 100 American companies, funneling millions of dollars to Pyongyang and even gaining access to sensitive military information.
Just last month, the DOJ filed a civil forfeiture complaint seeking to seize $7.74 million in cryptocurrency allegedly earned by North Korean operatives posing as remote blockchain contractors under false identities.
