The US Department of Justice (DOJ) has charged four North Koreans for impersonating as remote IT workers and exploiting companies to steal crypto. The federal prosecutors noted that the operation could be a part of the DPRK strategy to fund its weapons program. In a “cyber-enabled revenue generation network”, perpetrators landed in remote IT jobs using fake and stolen identities. The group exploited their company’s trust to steal and launder over $900,000 in crypto, the DOJ announcement read. The federal prosecutors from the Northern District of Georgia have charged the defendants with a five-count wire fraud and money laundering indictment linked to the scheme. “This indictment highlights the unique threat North Korea poses to companies that hire remote IT workers and underscores our resolve to prosecute any actor, in the United States or abroad, who steals from Georgia businesses,” said U.S. Attorney Theodore S. Hertzberg on Monday. Fraudsters Target Georgia-Based Blockchain Firm, Serbian Crypto Company The case is being handled by the Federal Bureau of Investigation (FBI) and is part of the DOJ’s ‘DPRK RevGen’ plan that targets high-impact North Korea-linked illicit revenue generation rings. According to the investigation, the defendants initially operated as a team in the UAE in 2019. Between December 2020 and May 2021, these perpetrators joined a Georgia-based blockchain firm and a Siberian crypto company as developers. “Both defendants concealed their North Korean identities from their employers by providing false identification documents containing a mix of stolen and fraudulent identity information,” the DOJ revealed. In February 2022, two of the impersonated employers were assigned projects that provided them access to crypto. The defendants used that access to steal digital assets in two separate operations worth $175,000 and $740,000 at the time. They reportedly modified the source code of two employers’ smart contracts. DPRK Crypto Attacks Magnify North Korea has been developing novel and more sophisticated attacks on crypto firms in the recent past. In April, spies from the DPRK infiltrated the US corporate system to feed in a malware campaign targeting crypto developers. They used fake US firms and domains to post job interviews to trick developers into downloading malware. 🚨 North Korean cyber spies reportedly set up fake US firms to deploy malware targeting crypto developers, violating Treasury sanctions. #NorthKorea #CyberSecurity https://t.co/TvCmrspaep — Cryptonews.com (@cryptonews) April 25, 2025 Another sophisticated method to steal crypto is via Zoom meetings, and hiding malware in GitHub. According to Nick Bax of the Security Alliance, a threat group is working to steal data and funds through fake business calls on Zoom . The DPRK-linked players send messages in the chat saying they can’t hear audio, suggesting listeners click on a fake link. Last week, reports revealed that North Korea is targeting Indian crypto job applicants with malware to steal their data.The US Department of Justice (DOJ) has charged four North Koreans for impersonating as remote IT workers and exploiting companies to steal crypto. The federal prosecutors noted that the operation could be a part of the DPRK strategy to fund its weapons program. In a “cyber-enabled revenue generation network”, perpetrators landed in remote IT jobs using fake and stolen identities. The group exploited their company’s trust to steal and launder over $900,000 in crypto, the DOJ announcement read. The federal prosecutors from the Northern District of Georgia have charged the defendants with a five-count wire fraud and money laundering indictment linked to the scheme. “This indictment highlights the unique threat North Korea poses to companies that hire remote IT workers and underscores our resolve to prosecute any actor, in the United States or abroad, who steals from Georgia businesses,” said U.S. Attorney Theodore S. Hertzberg on Monday. Fraudsters Target Georgia-Based Blockchain Firm, Serbian Crypto Company The case is being handled by the Federal Bureau of Investigation (FBI) and is part of the DOJ’s ‘DPRK RevGen’ plan that targets high-impact North Korea-linked illicit revenue generation rings. According to the investigation, the defendants initially operated as a team in the UAE in 2019. Between December 2020 and May 2021, these perpetrators joined a Georgia-based blockchain firm and a Siberian crypto company as developers. “Both defendants concealed their North Korean identities from their employers by providing false identification documents containing a mix of stolen and fraudulent identity information,” the DOJ revealed. In February 2022, two of the impersonated employers were assigned projects that provided them access to crypto. The defendants used that access to steal digital assets in two separate operations worth $175,000 and $740,000 at the time. They reportedly modified the source code of two employers’ smart contracts. DPRK Crypto Attacks Magnify North Korea has been developing novel and more sophisticated attacks on crypto firms in the recent past. In April, spies from the DPRK infiltrated the US corporate system to feed in a malware campaign targeting crypto developers. They used fake US firms and domains to post job interviews to trick developers into downloading malware. 🚨 North Korean cyber spies reportedly set up fake US firms to deploy malware targeting crypto developers, violating Treasury sanctions. #NorthKorea #CyberSecurity https://t.co/TvCmrspaep — Cryptonews.com (@cryptonews) April 25, 2025 Another sophisticated method to steal crypto is via Zoom meetings, and hiding malware in GitHub. According to Nick Bax of the Security Alliance, a threat group is working to steal data and funds through fake business calls on Zoom . The DPRK-linked players send messages in the chat saying they can’t hear audio, suggesting listeners click on a fake link. Last week, reports revealed that North Korea is targeting Indian crypto job applicants with malware to steal their data.