The US Treasury has imposed sanctions on two individuals and four organizations implicated in a cryptocurrency theft scheme allegedly orchestrated by North Korea. The infiltration operation targeted crypto firms with the intent to exploit them, according to the Treasury’s Office of Foreign Assets Control (OFAC).
OFAC announced on Tuesday that it had sanctioned North Korea-based Song Kum Hyok for purportedly stealing information from US citizens to create false identities. This information was then passed on to foreign IT workers hired to seek employment in US firms. Additionally, Russian national Gayk Asatryan was sanctioned for reportedly using his companies to employ numerous North Korean IT professionals under long-term contracts initiated with North Korean trading firms in 2024.
There has been a surge in fraudulent IT personnel connected to North Korea, officially known as the Democratic People’s Republic of Korea (DPRK), who are enhancing their infiltration operations. A report by Google in April highlighted that the infrastructure for these schemes has spread globally.
“The Treasury will continue to utilize all available resources to disrupt the Kim regime’s attempts to evade sanctions through digital asset theft, the impersonation of Americans, and malicious cyber-attacks,” stated Treasury Deputy Secretary Michael Faulkender.
OFAC revealed that North Korea aims to generate revenue for its ballistic missile programs by deploying a legion of highly skilled IT workers worldwide, primarily in China and Russia. The workforce mainly targets employers in wealthier nations and utilizes a variety of mainstream and industry-specific networking platforms.
The sanctions result in the freezing of all US assets linked to Asatryan, Song, and the four sanctioned Russian entities. US citizens are now prohibited from conducting financial transactions or business dealings with these parties, under the threat of civil and criminal penalties.
North Korea, infamous for high-profile hacks such as the $1.5 billion Bybit exploit, appears to be shifting tactics, according to blockchain intelligence firm TRM Labs. “DPRK-linked operations are increasingly shifting towards deception-based revenue generation, including IT worker infiltration,” the firm commented.
TRM Labs estimates that actors aligned with North Korea are responsible for $1.6 billion of the $2.1 billion stolen across 75 crypto hacks and exploits in the first half of 2025.
US authorities have been intensifying their crackdown on fraudulent North Korean IT worker schemes this year. On June 30, four North Korean nationals were charged with wire fraud and money laundering after posing as remote workers at US and Serbian blockchain firms. The US Department of Justice also announced on June 5 that it was attempting to seize $7.74 million in frozen crypto allegedly earned by North Korean IT workers using false identities and working as remote contractors at blockchain firms.





