US TikTok influencer helped North Korean operatives land jobs at 300 Companies: DOJ

An Arizona woman and TikTok influencer has received a multi-year prison sentence for helping North Korean IT workers fraudulently secure remote jobs at over 300 U.S. companies.

Christina Marie Chapman, 50, was sentenced to 102 months in prison by a federal judge in Washington, D.C., after pleading guilty to charges of wire fraud conspiracy, aggravated identity theft, and money laundering conspiracy.

The sentence also includes three years of supervised release. She was ordered to forfeit more than $284,000 and pay $176,850 in restitution.

Chapman operated a “Laptop Farm” for North Korean operatives

According to U.S. authorities, Chapman played a central role in enabling North Korean IT workers to pose as U.S. citizens in order to obtain remote tech jobs. 

Starting around 2020, she operated a “laptop farm” out of her home in Arizona, where computers sent by U.S. companies were connected to remote operatives overseas. 

Using this setup, the bad actors—based largely in China and near North Korea—were able to mask their true locations and appeared as though they were working from within the United States.

Investigators say Chapman went further by shipping at least 49 devices to overseas locations, including a city near the China–North Korea border. A search of her home in October 2023 resulted in the seizure of over 90 laptops, many labeled with the identities of Americans whose personal information had been stolen or borrowed to commit fraud.

What does the Department of Justice allege?

The Department of Justice accused Chapman of helping North Korean workers submit false job applications under stolen U.S. identities, receive wages through U.S. banks, and launder earnings through her own accounts. 

She reportedly forged payroll checks and received direct deposits from the companies that unknowingly hired the North Korean operatives. The income was then transferred overseas while falsely reported to the IRS and the Social Security Administration under the names of U.S. victims.

According to the complaint, Chapman’s actions helped generate over $17 million in illicit revenue for herself and the Democratic People’s Republic of Korea. 

Prosecutors said her efforts also put sensitive American infrastructure at risk by allowing foreign operatives to gain virtual access to Fortune 500 firms, government agencies, aerospace companies, and Silicon Valley tech firms.

Chapman’s operation has been active for several years and was one of the largest of its kind tied to North Korean infiltration efforts.

In total, at least 68 stolen identities were used to deceive 309 U.S. businesses and two international companies. Some job applications even targeted U.S. government agencies, although these attempts were reportedly unsuccessful.

The DOJ’s investigation revealed that Chapman not only managed and organized the hardware infrastructure but also maintained detailed records linking each device to a specific company and identity.

“Today’s sentencing brings justice to the victims whose identities were stolen for this international fraud scheme,” said Special Agent in Charge Carissa Messick of the IRS Criminal Investigation.

Crypto industry remains at risk

Over the years, the North Korean regime has siphoned billions of dollars worth of cryptocurrency assets to fund its sanctioned weapons programs. 

U.S. intelligence reports and private investigations have shown that the DPRK deploys thousands of skilled IT professionals overseas, many of whom use VPNs, fake documents, and stolen identities to embed themselves within Western companies.

A report by Chainalysis found that North Korea-linked hackers stole $1.34 billion in cryptocurrency in 2024 alone. The crypto industry has proven to be a frequent target due to its decentralised nature and relatively relaxed hiring protocols for remote roles.

U.S. agencies have escalated efforts to disrupt North Korea’s IT infiltration network by targeting key infrastructure and operatives.

Despite these efforts, U.S. officials estimate that hundreds of DPRK-linked workers remain embedded in firms worldwide, including in the crypto space.