Peter Zhang
Oct 01, 2025 16:40
North Korean IT workers are reportedly using cryptocurrency to fund weapons programs. Discover the intricate networks facilitating these operations and the global efforts to disrupt them.
North Korean IT workers are reportedly infiltrating global IT companies to earn income in cryptocurrency, which is then used to finance the country’s weapons programs, according to Chainalysis. Over recent years, entities like the U.S. Treasury’s Office of Foreign Assets Control (OFAC) and South Korea’s Ministry of Foreign Affairs have imposed sanctions on individuals and entities supporting these schemes, often identifying them through cryptocurrency addresses.
Sanctioned Operations and Crypto Laundering
Chainalysis closely monitors the involvement of cryptocurrency in North Korea’s revenue generation and laundering activities. Recent sanctions by OFAC have targeted individuals such as a Russian national who facilitated payments to the Chinyong Information Technology Cooperation Company, a DPRK entity employing IT workers abroad. These workers reportedly request payment in stablecoins due to their stable value and use OTC traders to convert cryptocurrency into fiat currency.
Techniques for Obfuscating Transactions
Once compensated, North Korean IT workers utilize various laundering techniques, including chain-hopping and token swapping, to obscure the origin of funds. They employ decentralized exchanges and bridge protocols to complicate tracking. These operations often involve intermediaries who consolidate and layer the funds, eventually transferring them to North Korean representatives using false identities to open accounts at mainstream exchanges.
Global Response and Enforcement Actions
Enforcement actions, such as those by the U.S. Department of Justice, have highlighted the reliance on cryptocurrency for these operations, offering insights into disrupting these networks. Sanctions and advisories from bodies like HM Treasury’s Office of Financial Sanctions Implementation and the FBI emphasize the need for vigilance against red flags, such as inconsistent identities or unusual payment flows, to detect and prevent these illicit activities.
Companies are advised to implement measures to identify potential DPRK IT worker activities. These measures include monitoring for mismatched IP locations, manipulated documents, and preferences for stablecoin payments. By incorporating these checks into compliance frameworks, organizations can help prevent unwitting involvement in North Korea’s sanctions evasion schemes.
For more detailed insights, visit the Chainalysis blog.