The U.S. Department of Justice (DOJ) has intensified its campaign against North Korea’s illicit revenue networks, securing new criminal convictions and seizing an additional $15 million in cryptocurrency linked to the regime’s fraud operations. These schemes, which have expanded rapidly over the past decade, rely on North Korean nationals posing as remote IT workers for U.S. companies, secretly funneling salaries and stolen funds back to Pyongyang.
DOJ Announces New Convictions and Crypto Seizures
The latest crackdown includes several new guilty pleas tied to identity fraud, crypto laundering, and the facilitation of North Korea’s covert global workforce. As part of the operation, authorities confiscated another $15 million in USDT, funds traced to North Korean-operated heists and fraudulent employment pipelines.
One of the key cases involves Oleksandr Didenko, a Ukrainian national who admitted to selling stolen and fabricated U.S. identities to North Korean IT operatives. These identities were then used to gain employment at American companies, enabling sanctioned workers to quietly extract U.S. income and forward it to the regime. Didenko will forfeit $1.4 million as part of his plea deal.
How the Fake Remote-IT Scheme Works
North Korea’s remote-worker program hinges on operatives disguised as foreign freelancers. Using falsified documents, VPN masking, and stolen Western digital identities, they obtain positions at U.S. software, blockchain, and technology firms.
The DOJ noted that the wages earned through these jobs flow straight into the regime’s coffers, supporting state-run hacking units, cybertheft operations, and weapons development programs. Several additional facilitators have now pleaded guilty to helping North Korean nationals secure these jobs, often by providing forged documents, managing communications, or routing payments on their behalf.
Treasury and DOJ Align on Disrupting Pyongyang’s Global Revenue Network
The enforcement actions come during a coordinated U.S. government effort to strip North Korea of the financial channels it relies on to evade international sanctions.
In November 2025, the Treasury Department sanctioned eight North Korean bankers and two affiliated entities for orchestrating crypto laundering operations across Asia and the Middle East. These networks have played an essential role in moving funds stolen through cyberattacks, ransomware, and fraudulent remote work schemes.
Together, the DOJ’s criminal actions and Treasury’s sanctions aim to systematically dismantle the infrastructure North Korea uses to access hard currency and cryptocurrency, a vital resource for its weapons programs.