The U.S. Treasury Department has taken significant action against individuals and entities purportedly involved in a scheme to facilitate North Korea’s illicit financial activities. Sanctions were imposed on six individuals and two companies accused of helping North Korea convert $800 million into cryptocurrency in 2024, aimed at laundering funds and supporting its weapons of mass destruction (WMD) initiatives.
The Treasury’s Office of Foreign Assets Control (OFAC) detailed the operation, which allegedly involved placing IT workers in foreign companies and redirecting their earnings back to Pyongyang. This network reportedly operated across various countries, including Vietnam, Laos, and Spain, exploiting the global economy to its advantage.
North Korea, officially known as the Democratic People’s Republic of Korea (DPRK), has been known for years to target cryptocurrency systems to embezzle and launder money. In a striking statistic, blockchain analytics firm Chainalysis reported that hackers connected to the DPRK stole a staggering $2 billion in cryptocurrency last year.
The network sanctioned by OFAC relied on a diverse array of crypto infrastructure to facilitate the movement of funds. This included centralized exchanges, hosted wallets, decentralized finance (DeFi) services, and cross-chain bridges. In a comprehensive move, the sanctions covered 21 crypto wallet addresses spanning multiple blockchains such as Ethereum, Tron, and Bitcoin, which highlights the DPRK’s evolving multichain strategy for obscuring the trail of illicit funds.
Treasury Secretary Scott Bessent explained the modus operandi of the North Korean regime, stating that it employs overseas IT operatives to execute deceptive tactics against American companies. These tactics often involve leveraging sensitive data and extorting financial compensation from businesses.
According to the Treasury’s report, teams backed by the DPRK manipulated fraudulent documents, assumed stolen identities, and created false personas to secure employment with legitimate firms, including those based in the U.S. and allied nations. The North Korean government is alleged to have seized the majority of the wages earned by these overseas IT workers, generating hundreds of millions of dollars that were funneled into the country’s WMD and ballistic missile projects. Some workers reportedly managed to infiltrate company networks, deploying malware to extract proprietary and sensitive information.
Among the individuals sanctioned was Nguyen Quang Viet, the CEO of Quangvietdnbg International Services Co. in Vietnam. The Treasury has accused him of converting approximately $2.5 million into cryptocurrency for North Korean operatives between mid-2023 and mid-2025.
