The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has imposed sanctions on six individuals and two entities for their alleged roles in a sophisticated IT worker fraud scheme orchestrated by North Korea, which frequently targets the cryptocurrency industry. The action, announced on Thursday, aims to disrupt a key revenue stream funding North Korea's weapons programs.
The sanctioned entities include Amnokgang Technology Development Company, a North Korean firm accused of managing overseas IT workers, and Quangvietdnbg International Services Company Limited, a Vietnam-based company. The CEO of the latter, Nguyen Quang Viet, is accused of laundering $2.5 million through cryptocurrency for the network. Other sanctioned individuals are Do Phi Khanh, Hoang Van Nguyen, Yun Song Guk, Hoang Minh Quang, and York Louis Celestino Herrera, all allegedly facilitators of DPRK IT worker networks operating in Vietnam, Laos, and Spain.
The sanctions freeze all U.S. assets connected to the named parties and prohibit any financial transactions or business dealings with U.S. persons under threat of civil and criminal penalties.
OFAC's designation included 21 cryptocurrency addresses across the Ethereum and Tron blockchains. Blockchain analytics firm Chainalysis noted this reflects North Korea's "increasingly multi-chain approach to moving funds." The firm warned that these IT worker schemes "represent a sophisticated and growing threat," relying on stolen identities to obtain employment with legitimate companies globally. Beyond generating fraudulent revenue, these workers have been known to covertly introduce malware to extract sensitive information.
The scheme involves North Korean IT professionals posing as non-North Korean nationals on freelance platforms to secure remote tech jobs. Payments, often requested in cryptocurrencies like Bitcoin or Ethereum, are then laundered through multiple wallets and mixing services before being funneled back to the regime. This enforcement action builds upon previous efforts, such as the May 2022 sanctions linking stolen crypto to North Korea's Lazarus Group, and highlights the convergence of cybersecurity, cryptocurrency regulation, and international diplomacy.
