$3 Billion In Crypto Cybercrime Leads To Stricter US Sanctions On North Korea

The United States has intensified its efforts to disrupt North Korea’s clandestine financial networks by imposing new sanctions on individuals and institutions accused of facilitating the laundering of crypto linked to cyberattacks.

Crypto To Support Nuclear Initiatives?

On Tuesday, the US Treasury Department’s Office of Foreign Assets Control (OFAC) announced the designation of eight individuals and two entities involved in processing funds derived from cybercrime and fraudulent activities related to IT workers.

According to OFAC, these North Korean banks played a crucial role in managing funds, including approximately $5.3 million (around 7.63 billion Korean won) in crypto, through the “First Credit Bank.”

Some of these funds have been reportedly utilized in activities targeting US citizens and may be connected to North Korean ransomware actors who have profited from the labor of North Korean IT workers.

In addition to the individuals, the sanctions also extend to the Chosun Mangyongdae Computer Technology Company (KMCTC), an IT firm based in North Korea that dispatches teams of IT workers to cities like Shenyang and Dandong in China.

The US Treasury has highlighted the scale of North Korean cyber operations, stating that these actors engage in espionage, “destructive cyberattacks,” and financial theft unmatched by any other nation.

John Hauli, the Treasury’s Under Secretary for Terrorism and Financial Intelligence, remarked that hackers supported by the North Korean regime steal and launder funds to finance their nuclear weapons initiatives. He emphasized that these actions pose a direct threat to both US and global security.

North Korean IT Operations

Blockchain intelligence company TRM Labs has reported that addresses associated with Cheil Bank exhibit consistent inbound flows resembling salary payments. With OFAC updating the designation of the Korea Computer Center these financial flows likely represent income from IT workers employed under false pretenses.

Between June 2023 and May 2025, wallets controlled by Cheil received over $12.7 million, indicating prolonged activity over two years.

Many of these addresses have also been mentioned in reports from the Multilateral Sanctions Monitoring Team (MSMT), a US-led coalition that has replaced the United Nation (UN) Panel of Experts on North Korea following its dissolution due to a Russian veto.

The MSMT has traced how Cheil Bank and other DPRK-affiliated entities facilitate payroll, payments, and laundering mechanisms across North Korea’s broader sanctions-evasion network.

Over the past three years, it is estimated that North Korea has siphoned off more than $3 billion (approximately 4.32 trillion Korean won), primarily through crypto, often employing sophisticated tools such as advanced malware.

In 2025 alone, hackers allegedly took $2.7 billion, significantly driven by the record-setting $1.5 billion hack of crypto exchange Bybit in February.

The funds acquired through these operations are laundered through various intermediaries—including OTC brokers and FX dealers—before being converted to fiat and funneled back into DPRK-controlled accounts.

The newly designated individuals and entities are seen as critical nodes in Pyongyang’s financial network, responsible for moving millions of dollars annually in breach of UN Security Council resolutions to bolster its nuclear and missile programs.

Crypto