Treasury Imposes Sanctions on Cryptocurrency IT Fraud Involving North Korea, Russia, and China

On Wednesday, the U.S. Treasury Department imposed sanctions targeting a network of individuals and companies from North Korea, Russia, and China accused of stealing cryptocurrency from U.S. businesses by masquerading as IT professionals.

These sanctions highlight North Korea’s intricate, worldwide IT worker scheme, which has accumulated significant funds for the isolated state over the years. This initiative has employed spies disguised as remote workers in foreign companies to ultimately steal cryptocurrency from within.

Similar tactics have also included deceiving genuine employees using online scams.

The recent sanctions zeroed in on a specific operation allegedly involving a Russian citizen, Vitaliy Andreyev; a North Korean official based in Russia, Kim Ung Sun; a North Korean firm made up of an IT worker delegation; and a Chinese front company associated with that group.

The Russian individual, Andreyev, is accused of aiding North Koreans to convert stolen cryptocurrency into U.S. dollars. The Treasury Department stated that funds sourced from these actions have supported North Korea’s nuclear and ballistic missile programs.

“The North Korean regime persistently targets American businesses through fraudulent schemes utilizing its overseas IT workforce, who steal information and demand ransom,” said John K. Hurley, Under Secretary of the Treasury for Terrorism and Financial Intelligence, in a statement. “During the Trump administration, Treasury remains committed to safeguarding Americans from these operations and holding those responsible accountable.”

This announcement builds on previous actions by the Biden administration to clamp down on North Korea-linked cryptocurrency theft operations. In 2023, the Treasury Department initially sanctioned one of the North Korean IT worker firms central to this announcement, known as Chinyong.

The Trump administration, however, has noticeably diverged from its predecessor’s approach to coin mixing services that facilitate the laundering of stolen cryptocurrency. While the Biden Treasury actively pursued sanctions against such decentralized intermediaries, the Trump administration has avoided taking similar actions recently, claiming a focus solely on the individual wrongdoers involved.

Earlier this month, however, the Trump Department of Justice managed to secure a jury’s conviction of Roman Storm, co-founder of the widely-used coin mixing service Tornado Cash, on an illegal money transmitting charge.

Subsequently, the DOJ appeared to retract its statement, assuring a group of cryptocurrency industry leaders weeks later that it wouldn’t pursue charges against developers of “truly decentralized” software that does not have custody of user funds, even if such software is misused by criminal organizations for money laundering.