An Arizona woman and TikTok influencer has been sentenced to more than eight years in prison for assisting North Korean IT workers in fraudulently obtaining remote jobs at over 300 U.S. companies.
Christina Marie Chapman, 50, received a 102-month prison sentence from a federal judge in Washington, D.C., after pleading guilty to wire fraud conspiracy, aggravated identity theft, and money laundering conspiracy.
In addition to the prison term, Chapman was sentenced to three years of supervised release. She was also ordered to forfeit over $284,000 and pay $176,850 in restitution.
Chapman ran a “laptop farm” to support North Korean operatives
According to U.S. authorities, Chapman played a key role in helping North Korean IT workers impersonate U.S. citizens to secure remote tech jobs.
Beginning around 2020, she operated a “laptop farm” out of her Arizona home, connecting computers—sent by American companies—to operatives located overseas. This setup allowed the foreign workers, primarily based in China and near the North Korean border, to disguise their true locations and appear as if they were working from within the United States.
Investigators revealed that Chapman also shipped at least 49 devices to locations abroad, including a city near the China–North Korea border. When her home was searched in October 2023, authorities found over 90 laptops, many tagged with the names of Americans whose identities had been stolen or misused for fraudulent purposes.
What does the Department of Justice allege?
The Department of Justice has accused Christina Chapman of aiding North Korean IT workers in submitting fraudulent job applications using stolen U.S. identities, collecting wages through American banks, and laundering the proceeds through her own financial accounts.
According to prosecutors, Chapman forged payroll checks and received direct deposits from companies that were unaware they had hired foreign operatives. She then funneled the earnings overseas while falsely reporting the income to the IRS and Social Security Administration under the names of unsuspecting U.S. victims.
Authorities say Chapman’s actions helped generate more than $17 million in illicit revenue for herself and the Democratic People’s Republic of Korea (DPRK). Her activities also posed a serious national security threat by giving North Korean operatives virtual access to sensitive sectors—including Fortune 500 companies, U.S. government agencies, aerospace contractors, and major Silicon Valley tech firms.
Chapman’s operation, active for several years, was one of the largest U.S.-based schemes linked to North Korea’s global cyber infiltration efforts. Investigators found that at least 68 stolen identities were used to deceive 309 U.S. businesses and two international firms. Some fraudulent job applications even targeted U.S. government entities, though those attempts were ultimately unsuccessful.
The DOJ’s investigation revealed that Chapman not only ran the technical side of the operation—managing a network of devices tied to fake identities—but also kept meticulous records matching each laptop to a specific company and stolen identity.
“Today’s sentencing brings justice to the victims whose identities were stolen for this international fraud scheme,” said IRS Criminal Investigation Special Agent in Charge Carissa Messick.
Crypto industry remains at risk
Over the years, North Korea has funneled billions of dollars in stolen cryptocurrency to support its heavily sanctioned weapons programs.
U.S. intelligence and independent investigations have revealed that the DPRK employs thousands of skilled IT professionals abroad, many of whom use VPNs, forged documents, and stolen identities to infiltrate Western companies under false pretenses.
A 2024 report by Chainalysis found that North Korea-linked hackers stole an estimated $1.34 billion in cryptocurrency that year alone. The crypto sector has become a prime target due to its decentralized structure and relatively lenient remote hiring practices.
In response, U.S. agencies have ramped up efforts to dismantle North Korea’s global IT infiltration network by going after its infrastructure and key operatives.
Still, officials warn that hundreds of DPRK-affiliated workers remain embedded in companies around the world, particularly within the cryptocurrency industry.
