The US Treasury (OFAC) has sanctioned six individuals and two entities tied to the Democratic People’s Republic of Korea (DPRK) IT‑worker schemes that allegedly generated nearly $800 million in 2024.

US Vs. DPRK Over Crypto Fraud

Crypto is once again at the center of Washington’s latest sanctions push. In an official press release on March 12, the US Treasury announced that it had blacklisted a North Korean IT‑worker network accused of routing nearly $800 million through digital assets to fund weapons programs in 2024. Treasury Secretary Scott Bessent, quoted in the announcement, warned that “The North Korean regime targets American companies through deceptive schemes carried out by its overseas IT operatives, who weaponize sensitive data and extort businesses for substantial payments”.

How The North Korean Crypto Scheme Worked

According to OFAC’s statement, these North Korean IT networks relied on front companies in Vietnam, Laos and Spain to move IT‑worker revenue into cryptocurrency, convert it, and route funds back to Pyongyang. As the statement claims:

DPRK-facilitated IT teams commonly rely on fraudulent documentation, stolen identities, and fabricated personas to conceal their true identities and gain employment with legitimate companies, including those in the United States and allied countries. The DPRK government reportedly appropriates the majority of the wages earned by these overseas IT workers, generating hundreds of millions of dollars to support the regime’s WMD and ballistic missile programs, in violation of U.S. and United Nations sanctions. In certain instances, DPRK-affiliated workers have also covertly introduced malware into company networks to extract proprietary and sensitive information.

Among the companies singled out by Washington are Amnokgang Technology Development Company, which manages overseas DPRK IT delegations and other illicit procurement, and a Vietnam‑based partner (Quangvietdnbg) whose CEO converted around $2.5 million into crypto for North Koreans between mid‑2023 and mid‑2025, with $800 million in 2024 alone. Other facilitators opened bank accounts, enabled crypto transactions, and laundered IT‑worker proceeds on behalf of North Korean procurement figures, like Kim Se Un. OFAC warns that both US and foreign financial institutions face secondary‑sanctions risk if they keep touching flows linked to the newly designated actors, which effectively isolates their remaining fiat and crypto on‑ramps.

What This Means For The Crypto Market

This is the newest chapter in a long saga of North Korean cyber and IT operations repeatedly leaning on crypto, mixers and OTC brokers to launder billions in stolen or fraudulently earned funds, which regulators now say directly supports its weapons programs. Even as Treasury has recently acknowledged that mixers and privacy tools can have legitimate uses, the new designations show that it is still ready to aggressively sanction any intermediaries that route significant illicit crypto flows for state actors like the DPRK.

Although episodes like this usually do not move Bitcoin’s price on their own, they do add to the regulatory overhang that can cap risk appetite around privacy coins, mixer‑adjacent protocols and lightly regulated offshore venues. For majors like BTC and ETH, stricter enforcement against DPRK‑linked networks tends to be framed as “cleaning up the rails,” which can support institutional adoption over time even if it generates headline risk in the near term. The regulatory tail risk remains highest around privacy‑focused tools, offshore venues and tokens that depend on opaque liquidity paths. At the same time, every DPRK‑linked enforcement wave nudges more volume toward KYC’d exchanges and transparent stablecoin and BTC pairs, which is where long‑term liquidity and institutional flows are likely to concentrate.
The Treasury Department said North Korea infiltrated IT workers into U.S. businesses and channeled their wages back to the country to fund weapons of mass destruction programs.
Russia, Iran and North Korea expanded their use of stablecoins, hacked funds and state-linked exchanges to move more than $100 billion onchain to evade international sanctions.
North Korea-linked hackers drove a record year for crypto thefts, favoring rare but massive attacks on centralized services, led by Bybit’s $1.4 billion breach.
The crypto industry’s most notorious hackers continue to break records, highlighting the importance of taking every step possible to secure wallets.
North Korean operatives were caught on camera, live, after security researchers lured them into a booby-trapped “developer laptop,” capturing how the Lazarus-linked crew tried to blend into a US crypto job pipeline using legitimate AI hiring tools and cloud services. The evolution in state-sponsored cybercrime was reportedly captured in real time by researchers at BCA […]
The post Secret footage from a rigged laptop exposes how North Korean spies are slipping past your security team appeared first on CryptoSlate.
On Thursday, South Korea's largest digital asset exchange, Upbit, suspended deposits and withdrawals after detecting unusual activity in the Solana network tokens.
World Liberty Financial (WLFI) said it is reallocating funds and confirming user identities after several wallets were compromised ahead of its platform launch. According to WLFI’s post on X, the company froze the affected addresses in September and has been verifying ownership before moving assets back to users who pass the checks.

Wallet Breaches And Response

The breaches came from either phishing attacks or exposed seed phrases, not from WLFI’s own platform or smart contracts, the company said. WLFI described the problem as linked to third-party security failures and said only a “small subset” of users were hit, though it did not give exact figures on how many accounts or how much crypto was involved.

1/ Prior to WLFI’s launch, a relatively small subset of user wallets were compromised via phishing attacks or exposed seed phrases. Since then, we’ve tested new smart contract logic to safely reallocate user funds and verified users’ identity via KYC checks. Shortly, users who… — WLFI (@worldlibertyfi) November 19, 2025

On-chain data cited by analyst Emmett Gallic of Arkham shows WLFI executed an emergency action that burned 166.67 million WLFI tokens, a move valued at $22.14 million from a compromised address, and then shifted tokens to a recovery address. That firewall step appears intended to limit further loss while the company sorts ownership questions.

World Liberty Fi executed an emergency function burning 166.667M $WLFI ($22.14M) from compromised address, reallocating to a recovery address. Function designed for two scenarios: An investor loses wallet access before vesting OR malicious account acquires WLFI via exploit pic.twitter.com/VSUDWhDPCR — Emmett Gallic (@emmettgallic) November 19, 2025

Regulatory Spotlight Grows

The timing of the security disclosure has drawn extra attention. Based on reports, Senators Elizabeth Warren and Jack Reed asked the DOJ and Treasury to review alleged WLFI token sales tied to sanctioned parties. Their letter referenced a watchdog report from Accountable.US that linked transactions to the Lazarus Group — a North Korea-linked actor on sanctions lists — and to an Iranian crypto exchange. It remains unclear whether the wallet compromises are related to the transactions lawmakers flagged.

Experts Question On-Chain Findings

Security researchers have pushed back on some of the watchdog’s claims. Taylor Monahan of MetaMask and Nick Bax of Ump.eth said the Accountable.US analysis misread certain on-chain activity.

Another day in crypto with wild allegations. Today, it’s that a North Korea-linked address invested in WLFI. I do some DPRK crypto research myself, so I decided to take a look at their findings. They’re bad and an innocent user is out $100k because of it???? pic.twitter.com/yJKEH04nup — Nick Bax.eth (@bax1337) November 18, 2025

Bax argued that the report mistakenly connected a wallet tied to an individual known as “Shryder” with DPRK-linked activity, which led to the freezing of roughly $95,000 in WLFI tokens.

WLFI has responded by emphasizing user protection and compliance. The company said it prioritized freezing vulnerable wallets and verifying rightful owners before any transfers. It also announced tests of revised smart contract logic meant to reduce the chance of similar breaches in future rollouts.
U.S. authorities secured several criminal convictions and gathered another $15 million in proceeds from North Korean crypto heists, the Justice Department said.
The Treasury Department sanctioned eight individuals and two entities accused of using crypto and shell companies to funnel millions into Pyongyang’s weapons programs.
Mysten Labs’ chief cryptographer warns that artificial intelligence, not quantum computing, poses the real near-term threat to blockchain security.
North Korea’s crypto theft spree has already hit a record $2 billion in 2025, nearly triple last year’s total.
Japanese mining pool operator SBI Crypto has suffered a $21 million theft in a breach that investigators are linking to North Korea attackers. On Oct. 1, blockchain researcher ZachXBT identified unusual outflows from the firm involving Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash. According to his findings, the funds moved quickly through five instant exchanges […]
The post Top Bitcoin mining pool SBI Crypto hacked, $21 million stolen appeared first on CryptoSlate.
SBI Crypto, a subsidiary of Japan’s SBI Group, has reportedly suffered a $21 million exploit with blockchain sleuths pointing to possible ties with North Korean hackers.
If the DeFi industry doesn’t adopt the security tools we've already built, then we will watch institutional capital deploy elsewhere while hackers fund their operations with our losses, writes Immunefi’s Mitchell Amador.
Learn how a North Korean group used 31 fake identities to infiltrate crypto firms and steal $680,000 from Favrr. Inside their tools, tactics and deception.
US Representative David Schweikert has introduced legislation granting the President authority to act against crypto criminals operating abroad. The bill, filed as House Resolution (H.R. 4988), invokes the rarely used concept of “letters of marque and reprisal,” which is a legal instrument dating back to maritime warfare. Historically, such letters authorized privateers to attack and […]
The post US proposes revival of 18th century law so Trump can deputize private citizens to fight crypto scammers appeared first on CryptoSlate.
The $44 million exploit targeting India-based crypto exchange CoinDCX has been linked to North Korea’s Lazarus Group, according to blockchain security firm Cyvers. In a July 21 statement shared with CryptoSlate, Cyvers CEO Deddy Lavid said the attackers followed a pattern reminiscent of previous Lazarus operations. The tactics included using cross-chain bridges and Tornado Cash […]
The post CoinDCX offers $11 million bounty after Lazarus Group-linked $44 million heist appeared first on CryptoSlate.
The U.S. Treasury Department added the employee of a North Korean hacking group to its blacklist over his role in getting IT workers jobs in other countries.
An on-chain investigation has revealed that North Korea IT workers posing as foreign developers have earned nearly $17 million from crypto startups and blockchain companies this year. The findings, revealed by prominent blockchain investigator ZachXBT, show that these individuals have successfully integrated into dozens of crypto projects by concealing their identities and locations. According to […]
The post North Korean IT workers earned $17M this year with some funds coming from Circle accounts appeared first on CryptoSlate.
North Korea-linked attacks have resulted in over $1.6 billion in losses, a TRM Labs report released Friday said.
The first half of 2025 exposed deep vulnerabilities in the crypto industry, with hackers stealing over $2.1 billion across 75 separate incidents. This marks a 10% increase from the previous H1 record of $2 billion in 2022 and nearly matches the full-year figure for 2024, which closed at $2.2 billion, according to a report from […]
The post Crypto heists reach $2.1B so far in 2025 as state-backed hackers ramp up attacks appeared first on CryptoSlate.
A DPRK-linked group is using fake job sites and Python malware to infiltrate Windows systems of blockchain professionals — with credential theft and remote access as the endgame.
North Korea’s hackers have reportedly stolen nearly $2 billion from centralized crypto exchanges over the past year. Blockchain security researcher Tay Monahan attributes a significant portion of those funds, around $1.8 billion, to a series of major hacks targeting centralized crypto trading platforms like Bybit, DMM Bitcoin, WazirX, Phemex, and BingX. Despite setbacks such as […]
The post North Korea’s hackers could have laundered as much as $1.5 billion in stolen crypto appeared first on CryptoSlate.
An ex-FBI agent who led landmark crypto investigations is joining TRM Labs’ team.
Kraken started 2025 on a high note, reporting a 19% increase in revenue year-over-year to $472 million for the first quarter. The May 1 earnings statement also highlighted a 1% quarter-over-quarter rise in adjusted EBITDA, reaching $187 million. Meanwhile, the company’s performance indicators showed similar momentum. The firm noted that its total trading volume rose […]
The post Kraken achieves revenue boost in Q1 2025 but faces North Korean hacking scare appeared first on CryptoSlate.
The US Treasury’s Financial Crimes Enforcement Network (FinCEN) has proposed banning Cambodia’s Huione Group from accessing the American financial system, according to a May 1 statement. If approved, the proposed rule would prohibit US financial institutions from opening or maintaining accounts for Huione Group or any of its subsidiaries. US authorities identified Huione Group as […]
The post US targets Huione Group in crackdown on $4 billion crypto laundering network appeared first on CryptoSlate.
An analyst has suggested that Monero (XMR) could repeat its 2021 cycle-high amid its recent price jump. However, a renowned on-chain sleuth has linked the surge to suspicious Bitcoin (BTC) transactions.

Monero Soars After $330 Million BTC Theft

Privacy and security-focused token Monero saw its price soar 52% to a four-year high on Monday. The cryptocurrency surged from its recently reclaimed $220-$230 support toward the $340 resistance, hitting $347 in the early hours of Monday.

Amid the massive surge, on-chain detective ZachXBT has linked the pump to a “suspicious transfer” from a potential victim of social engineering. The crypto sleuth explained that a suspicious transfer of 3,520 BTC, worth around $330.7 million, was made on Sunday night. According to the post, the funds were laundered via more than 6 instant exchanges shortly after the initial transfer, being swapped for XMR, seemingly based on timing analysis and the Monero price jump.

An X user suggested the stolen Bitcoin was “likely from the Bitstamp hack that occurred in 2014.” The internet detective rejected the idea, stating that the victim was likely an OG Bitcoiner. Meanwhile, others questioned whether the wallet owner made the transactions or if it was a theft.

ZachXBT detailed multiple factors that led him to believe it was likely a theft, including the wallet being a longtime BTC holder and a Gemini, River, and Coinbase user. Additionally, he noted that the $330 million in Bitcoin was suddenly moved and transferred in small increments to instant exchanges, creating hundreds of orders. This would cost the owner multiple seven-figure sums in fees, making it inefficient for a normal person.

The crypto sleuth also considers that the theft isn’t likely related to North Korea’s Lazarus Group, which recently stole $1.5 billion worth of Ethereum (ETH) from crypto exchange Bybit.

Is XMR Near A Breakout?

Since the pump, Monero has retraced around 25% from today’s high to trade in the $250-$260 range. Crypto analyst Rekt Capital noted that XMR has successfully retested its $214 range’s low as support amid the market recovery.

Notably, the cryptocurrency has been moving within the $112-$214 price range since 2022, surging above the range’s resistance line amid the November post-US elections breakout. After the Q3 2024 rally, Monero entered its key $214-286 range, which has previously worked as a key support and resistance area. After breaking out of the range’s upper boundary, the cryptocurrency rallied to its 2018 all-time high (ATH) of $542 and its 2021 high of $480.

During the Q1 2025 retracements, XMR dropped below the $214 mark, testing the $200 area as support before bouncing. Similarly, the early April pullback sent the cryptocurrency toward this level, finally reclaiming it two weeks ago. Since then, the cryptocurrency has rallied toward the $220-$230 range, fueled by the ongoing market recovery, but was ultimately rejected at the key resistance level. Today’s pump has seen Monero break above the $230 mark for the first time since February.

Despite the alleged laundering-driven surge, the analyst affirmed that the cryptocurrency has now “repeated early 2021 history,” where the token reclaimed its current range and retested its lower boundary before breaking out to cycle highs. If history repeats and XMR’s price holds its current range, it could position itself for a surge above the $300 barrier.
A North Korean state-sponsored hacking group, Lazarus, is advancing its tactics with a more polished and deceptive approach. A report by cybersecurity firm Silent Push revealed that the group has set up fake US-based crypto companies to distribute malware disguised as job opportunities. According to the report, a Lazarus subgroup called “Contagious Interview” is behind […]
The post North Korean hackers used fake crypto firms to deliver malware in job scams appeared first on CryptoSlate.
Illicitly downloaded programs can steal data, provide remote access to infected systems, and serve as entry points for additional spyware or ransomware.