A Closer Look at the USDT Theft

In a move to safeguard the interests of affected companies, the DOJ has filed civil forfeiture complaints to reclaim $15.1 million in Tether’s USDT, which was illicitly obtained by North Korean hackers in 2023. These funds were traced back to Advanced Persistent Threat 38 (APT38), a notorious North Korean hacking group responsible for several high-profile cryptocurrency heists.

The funds were seized by the FBI in March 2025, and the DOJ is now seeking court approval to return the assets to their rightful owners. Although the specific incidents are not elaborated upon, the circumstantial evidence points to a series of hacks, including the $100 million theft from Poloniex in November 2023, the $37 million hack of CoinsPaid in July 2023, and the $60 million attack on Alphapo, among others.

How U.S. Citizens Facilitated the Breach

The DOJ revealed that four U.S. citizens and one Ukrainian national played a pivotal role in assisting North Korean hackers. These individuals, including Audricus Phagnasay, Jason Salazar, Alexander Paul Travis, and Erick Ntekereze Prince, admitted to wire fraud conspiracy. They provided their identities to the hackers and hosted company laptops at their residences, creating the illusion that these workers were based in the United States. Ukrainian national Oleksandr Didenko also pleaded guilty to similar charges.

These schemes allowed North Korean IT workers to fraudulently secure employment at over 136 U.S. companies, generating more than $2.2 million in revenue for North Korea. This operation resulted in the theft of identities from over 18 U.S. citizens, further highlighting the extensive reach of these cybercriminal activities.

Implications and Ongoing Efforts

The DOJ continues to trace and seize stolen virtual currencies as North Korean hackers persist in laundering funds through various channels like virtual currency bridges and exchanges. The regime’s reliance on cryptocurrency theft, alongside remote IT worker schemes, represents a significant violation of international sanctions.

In 2025 alone, North Korean hackers have amassed over $2 billion in cryptocurrency, according to an analysis by Elliptic. This positions the regime as one of the most prolific players in global crypto theft operations.

The DOJ’s actions underscore the ongoing threat posed by North Korean cyber activities and the critical importance of international cooperation to combat such threats effectively. As the digital landscape continues to evolve, robust security measures and vigilant monitoring remain essential to safeguarding against these sophisticated cybercrimes.

The post North Korean Hackers’ Amazing $15M USDT Theft Unveiled appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

DOJ’s Focus on DeFi and Chain Bridges

Eun Young Choi, director of the US Department of Justice (DOJ) national cryptocurrency enforcement team (NCET), revealed in a Financial Times report published on May 15 that the department is prioritizing the investigation of DeFi-related thefts and hacks, especially those concerning chain bridges. Choi highlighted that the rise of North Korean state-sponsored hackers as key perpetrators in these cybercrimes makes this issue particularly significant for the DOJ.

According to a Cointelegraph report from February, these North Korean hackers are believed to have pilfered crypto assets ranging from $630 million to over $1 billion in 2022. Choi, who was appointed as the inaugural director of the NCET in February 2022, brings almost a decade of DOJ experience to her role.

The DOJ had previously underscored that “mixing and tumbling services” would be the agency’s primary target. However, there was no specific mention of DeFi platforms at that time.

DOJ Targets Crypto Firms Engaging in or Enabling Crime

Speaking at the Financial Times Crypto and Digital Assets Summit, Choi clarified that the DOJ is targeting crypto firms either involved in committing crimes or those enabling crimes, such as money laundering. By focusing on these platforms, the department aims to create a “multiplier effect,” making it harder for criminals to profit from their illicit activities.

Choi also noted a significant increase in the use of digital assets for a variety of illicit activities over the past four years. DeFi platforms, in particular, have been the targets of numerous attacks recently.

Recent Attacks on DeFi Platforms

The most significant DeFi hack this year occurred on March 13 when Euler Finance fell victim to a flash loan attack. Over $196 million in DAI, USDC, staked Ether (StETH), and Wrapped Bitcoin (WBTC) were stolen. Furthermore, in November 2022, the DeFi trading platform Mango Markets was exploited due to its low liquidity, leading to a significant fund drain.

The exploiter deposited $5 million of their own money into the platform, skyrocketing the price of MNGO from $0.03 to $0.91 and inflating their MNGO holdings to $423 million. They then acquired a $116 million loan using various tokens on the platform, including Bitcoin (BTC), Solana (SOL), and Serum (SRM), effectively depleting Mango Markets’ entire liquidity.

The post US Justice Department Targets DeFi Cybercriminals Amid Surge in Crypto Crime appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.