Feds Move to Freeze $15M in USDT Linked to North Korean Cybercriminals

US authorities strike at crypto's dark underbelly—again.

The Takedown:
The Department of Justice filed to seize $15 million worth of Tether (USDT) traced to North Korean hacking groups. Another day, another crypto crackdown.

Why It Matters:
Pyongyang’s cyber-army keeps exploiting decentralized finance—while regulators play whack-a-mole. Meanwhile, your average DeFi yield farmer still can’t get a bank account.

The Irony:
Stablecoins—designed for stability—keep getting weaponized. Guess ‘predictable value’ works both ways.

FBI Seeks to Forfeit Seized USDT Tied to 2023 Crypto Hacks

Federal investigators traced the digital assets to funds stolen from four VIRTUAL currency platforms in 2023.

The FBI initially seized the USDT in March 2025 and is now seeking court approval to permanently forfeit the assets so they can be returned to victims.

The DOJ did not identify the specific hacked platforms, though its timeline aligns closely with several major incidents that year, including the $100 million Poloniex breach in November 2023, the $37 million CoinsPaid hack that July, the Alphapo payments attack, which the DOJ estimates at approximately $100 million, and another November 2023 theft of about $138 million from a Panama-based exchange.

The DOJ has not confirmed which of these cases fall under the forfeiture actions.

According to the announcement, North Korean operatives continued to launder stolen funds through a patchwork of mixers, cross-chain bridges, crypto exchanges, and OTC brokers.

“Efforts to trace, seize, and forfeit related stolen virtual currency remain ongoing, as the APT38 actors continue to launder such funds,” the DOJ said.

US DOJ SEIZES MORE N. KOREA-LINKED CRYPTO

The Justice Department recovered another $15M from North Korean crypto heists as its crackdown intensifies. pic.twitter.com/udWxTRNd9T

The enforcement push doesn’t stop at the hackers. The DOJ also revealed it secured guilty pleas from five individuals who helped North Korea infiltrate US companies through fraudulent remote IT work, a scheme that has become a central revenue stream for Pyongyang.

Four US citizens, including Audricus Phagnasay (24), Jason Salazar (30), Alexander Paul Travis (34), and Erick Ntekereze Prince (38), admitted to wire fraud conspiracy after providing their identities to North Korean IT workers and allowing company-issued laptops to be operated from inside their homes.

The setup was designed to make it appear these workers were based in the United States, giving them access to US corporate networks.

Ukrainian Pleads Guilty to Selling Stolen U.S. Identities to North Korea

In a separate plea, Ukrainian national Oleksandr Didenko admitted to wire fraud conspiracy and aggravated identity theft.

He stole US citizens’ identities and sold them to North Korean IT operatives, helping them secure roles at 40 companies. Didenko agreed to forfeit more than $1.4 million.

In total, the schemes touched 136 US companies, generated more than $2.2 million for the North Korean government, and compromised over 18 Americans’ identities.

Officials have repeatedly warned that North Korean IT workers can earn up to $300,000 per year, collectively funneling hundreds of millions of dollars into programs overseen by the regime’s Ministry of Defense.

North Korea’s crypto theft operations have surged in 2025, with hackers stealing more than $2 billion so far this year, according to blockchain analytics firm Elliptic.