North Korea infiltrates Crypto Assets companies! U.S. Treasury: has taken action to sanction 2 individuals and 4 entities.

On Wednesday, July 8, the U.S. Treasury Department took action to impose sanctions on two individuals and four entities for assisting North Korean IT workers in infiltrating Crypto Assets companies. This sanction not only serves as a strong blow against North Korea's illegal activities but also reminds the global Crypto Assets industry of the need to strengthen defenses and remain vigilant against infiltration by malicious actors.

Sanction Target: Assisting North Korean IT Workers to Infiltrate Crypto Assets Companies

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) announced sanctions against North Korean national Song Kum Hyok and Russian national Gayk Asatryan for their support of North Korean IT workers' actions in the Crypto Assets field.

According to OFAC, Song has connections with North Korea's Reconnaissance General Bureau (RGB) and its affiliated hacking organization Andariel. He is accused of using stolen U.S. citizen information to create false identities, helping North Korean IT staff stationed abroad to secure remote work, primarily in Crypto Assets-related companies. These workers would then share their income with Song, generating revenue for North Korea's approved weapons programs.

Gayk Asatryan is accused of using his companies Asatryan LLC and Fortuna LLC located in Russia to hire dozens of North Korean IT employees through contracts with state-owned trading companies in North Korea.

The two entities, Korea Songkwang Trading Company and Korea Sinna Trading Company, have also been sanctioned for sending workers overseas to provide funding for the North Korean regime.

North Korea's Penetration Strategy: From Direct Hacking Attacks to Deceptive Infiltration

The OFAC stated that these actions are part of a strategic initiative aimed at preventing North Korea from deploying thousands of skilled IT workers primarily located in China and Russia, who use forged documents and false information to gain employment in Crypto Assets and technology companies. Allegedly, once embedded, these malicious actors would utilize free platforms and cryptocurrency exchanges to receive funds and launder them back to the regime.

The Ministry of Finance stated: "These personnel have been instructed to deliberately obscure their identity, location, and nationality, often using false identities, proxy accounts, stolen identities, and forged or counterfeit documents." It added that they frequently utilize freelance platforms and Crypto Assets exchanges to launder income back to North Korea.

Investigators warn that North Korea's cyber infiltration strategy has undergone significant changes in recent years. Early efforts were primarily focused on direct hacking attacks launched by organizations like Lazarus, but now the regime increasingly relies on deceptive means, quietly embedding agents within legitimate companies.

Crypto Assets investigator ZachXBT estimates that as many as 920 North Korean IT workers may have infiltrated the digital asset sector, obtaining over $16 million in wages from unsuspecting employers.

III. Actions by U.S. Authorities and Global Prevention

In light of the scale of the threat, the United States is currently targeting the infrastructure required for North Korea's IT infiltration program. The Department of Justice has recently led a series of actions, filing criminal charges against individuals associated with North Korea and initiating asset forfeiture lawsuits against millions of laundered Crypto Assets.

This sanction action once again reminds the global Crypto Assets industry of the need to strengthen the emphasis on background checks and identity verification. Malicious actors may infiltrate legitimate companies through identity forgery, false information, and other means, taking advantage of their positions to carry out illegal activities. For remote work and freelance platforms, stricter audit mechanisms should be established to prevent similar infiltration risks.

The U.S. Treasury's sanctions against North Korea's malicious infiltration of cryptocurrency companies highlight the international community's zero tolerance for such illegal activities. As North Korea's infiltration strategies evolve, the global cryptocurrency industry faces more covert and complex threats. Strengthening regulatory cooperation, enhancing security awareness, and establishing a more robust identity verification mechanism will be key to safeguarding the security of the cryptocurrency ecosystem and jointly resisting the infiltration of malicious actors.