The U.S. Department of Justice (DOJ) has initiated efforts to seize over $15 million in Tether (USDT) connected to North Korean hackers, targeting the Democratic People’s Republic of Korea’s (DPRK) increasing reliance on cryptocurrency theft and illicit cyber operations that finance government programs in violation of international sanctions.
Key Points
- The DOJ announced Friday that it filed two civil forfeiture complaints seeking to recover $15.1 million in Tether stolen during 2023 cyberattacks attributed to North Korea’s state-backed hacking group APT38, known for targeting cryptocurrency firms worldwide
- Federal investigators traced the digital assets to thefts from four cryptocurrency platforms
The DOJ announced Friday that it filed two civil forfeiture complaints seeking to recover $15.1 million in Tether stolen during 2023 cyberattacks attributed to North Korea’s state-backed hacking group APT38, known for targeting cryptocurrency firms worldwide.
Federal investigators traced the digital assets to thefts from four cryptocurrency platforms. The FBI initially seized the USDT in 2025 and is now seeking court approval to permanently forfeit the funds and return them to the victims.
The DOJ did not disclose the identities of the targeted platforms or specify which incidents are covered by the forfeiture actions. North Korean hackers reportedly continued laundering stolen funds using a combination of mixers, cross-chain bridges, cryptocurrency exchanges, and over-the-counter brokers.
Additionally, the DOJ obtained guilty pleas from five individuals involved in the attacks who aided North Korea in targeting U.S. companies through fraudulent remote IT work. Four U.S. citizens, Audricus Phagnasay, Jason Salazar, Alexander Paul Travis, and Erick Ntekereze Prince, admitted to wire fraud conspiracy after sharing their identities with North Korean operatives and allowing company-issued laptops to be remotely accessed from their homes.
The North Korean IT worker scheme has gained increasing prominence, demonstrating how state-backed hackers are exploiting the digital landscape. By enlisting unwitting individuals in the U.S. and abroad to provide remote access to corporate systems, DPRK operatives can circumvent conventional cybersecurity safeguards and launder stolen cryptocurrency with relative ease.
This method has grown popular due to its cost efficiency and access to high-value targets, enabling North Korea to finance weapons programs and other sanctioned priorities. The DOJ’s recent asset seizures and prosecutions spotlight the U.S. government’s commitment to combating these operations. Authorities emphasize that robust internal security measures and continued vigilance remain essential as this form of cyber-enabled fraud evolves on a global scale.
