The US Department of the Treasury has imposed sanctions on several individuals and entities linked to North Korean IT workers infiltrating cryptocurrency companies.
Goals of US Sanctions
The Treasury's Office of Foreign Assets Control (OFAC) announced the sanctions aimed at halting the activities of a North Korean network using stolen identities to infiltrate US crypto companies. Among those sanctioned is Song Kum Hyok, a North Korean operative, who allegedly aided North Korean IT workers by using stolen identities of US citizens. Russian national Gayk Asatryan was also sanctioned for employing North Korean IT workers.
Funding Missiles Through Crypto Work
According to OFAC, North Korea has deployed thousands of skilled IT workers globally, mainly in China and Russia, to generate revenue for its ballistic missile program. These workers often utilize mainstream and industry-specific platforms to secure positions under fraudulent identities. Treasury Deputy Secretary Michael Faulkender stated, 'Treasury remains committed to using all available tools to disrupt the Kim regime’s efforts to circumvent sanctions through its digital asset theft and malicious cyber-attacks.'
North Korean Tactics Shift
Blockchain intelligence firm TRM Labs noted a shift in methods used by North Korean operations, increasingly moving towards deception-based tactics, including infiltration by IT workers posing as legitimate employees. In the first half of 2025, North Korea-linked actors were estimated to have been responsible for $1.6 billion of the $2.1 billion stolen in 75 crypto hacks and exploits. Earlier in June, the Department of Justice moved to seize $7.74 million in crypto linked to fake North Korean IT workers.
The US sanctions highlight the government's determination to combat cybercrime related to North Korea in light of the large-scale threats present in the cryptocurrency world.
