DOJ Unleashes Crackdown on North Korea’s Shadowy Crypto Network – Billions at Stake

The U.S. Department of Justice just dropped the hammer on Pyongyang's clandestine crypto operation—turning blockchain sleuthing into geopolitical warfare.

How sanctions evasion got a digital upgrade

North Korea's Lazarus Group has been playing hide-and-seek with regulators for years, laundering stolen funds through decentralized exchanges and privacy coins. Now Uncle Sam's tracing the money trail through mixers and chain-hopping transactions.

The new cold war battlefield

While traditional finance still moves at the speed of SWIFT, crypto's borderless nature created the perfect playground for rogue states. Too bad they forgot immutable ledgers never forget.

Wall Street bankers watching from their marble lobbies must be seething—turns out you can't charge 2% management fees on North Korea's $3B stolen crypto stash.

• The U.S. Department of Justice (DOJ) seized over $15 million in stolen USDT after tracing the funds to APT38, a North Korean military hacking group.
• The five hackers confessed to helping North Korean IT workers infiltrate U.S. companies.

Recently, there has been an alarming increase in the number of crypto scams and exploitations linked to North Korea. And although there is still no clear definition of what crypto is and the limits it has within North Korea, the country has participated in the biggest scams that have ever been recorded on-chain. In fact, according to a report shared by Tronweekly, in three years, North Korea has stolen over $3 billion.

Today, the United States Department of Justice (DOJ) has taken action to seize over $15 million worth of USDT that was stolen by popular North Korean hackers. According to the report published by the security department, the two civil forfeiture cases were filed so that the government can permanently take control of the crypto.

How the DOJ Exposed the Korean Military Group

The details of the news were properly covered by the DOJ website, and according to the report, the funds were originally stolen in 2023, and during investigations, it was traced to a North Korean military hacking group known as APT38.

While this investigation was going on, it was discovered that the group was responsible for major cyberattacks on different international crypto-based platforms. The FBI recovered the money in March 2025, and currently, the officials are requesting a court order to keep the assets so they can eventually return them to the victims who lost their funds.

Other Details on the Operations of the Korean Military Group Based on DOJ reports, there were about four individuals who helped carry out the scam. And even though the Justice Department did not list the incidents by name, all the evidence shared links the group to most of the biggest crypto-based attacks that happened in 2023.

Four of the people involved are American citizens, and the last one is from Ukraine. The five of them admitted to conspiracy charges connected to wire fraud. For the four Americans, they allowed their personal identities to be used by North Korean workers and even kept company laptops in their homes to make it seem as if they were actually in the United States.

The Ukrainian man, named Oleksandr Didenko, pleaded guilty to identity theft and wire fraud conspiracy. He stole the identities of Americans and sold them to North Korean IT workers so they could get jobs at U.S. companies. He helped North Korean workers join about 40 different businesses and agreed to give up more than $1.4 million as part of his plea deal.

Also Read: China’s Financial Control Eroded by Rising Crypto-Based Money Laundering