
The DOJ recovered $15.1M in stolen USDT from a North Korean phisher to help return funds to victims.
Four U.S. citizens and a Ukrainian national admitted to helping North Korean IT workers break into 136 American companies by using stolen identities and misleading employers.
North Korea continues to depend on crypto theft and fake IT-worker schemes, bringing in billions despite the country’s heavy international sanctions.
The DOJ said several Americans helped North Korean IT workers infiltrate over 130 U.S. companies. Officials also seized $15.1M in USDT tied to hackers connected to the APT38 cyber group.
DOJ Moves to Seize $15 Million in Crypto Stolen by North Korean Hackers
The DOJ filed civil cases to seize $15.1M in USDT tied to APT38, North Korea’s major crypto-hacking group.
Officials believe the recovered stablecoins came from four major hacks, though the DOJ hasn’t confirmed which ones. Investigators suspect the money is connected to several large crypto breaches that happened during that time.
Major crypto heists linked to North Korean hackers include the $100M Poloniex hack, the $37M CoinsPaid breach, the Alphapo theft of up to $100M, and a $138M hack on a Panama-based exchange, all within 2023.
The FBI confiscated the funds in March 2025 and is now seeking court approval to return the recovered assets to affected victims. According to the DOJ, APT38 continues to launder stolen crypto through mixers, bridges, OTC brokers, and multiple exchanges.
How U.S. Citizens Helped North Korea’s IT Worker Scheme
The DOJ also said four Americans and one Ukrainian pleaded guilty to helping North Korean IT workers land fake U.S. jobs by supplying stolen identities and hosting company laptops to make them appear stateside.
Those pleading guilty include Audricus Phagnasay, 24; Jason Salazar, 30; Alexander Paul Travis, 34; Erick Ntekereze Prince, 38; and Ukrainian national Oleksandr Didenko, accused of identity theft.
Didenko admitted to selling stolen U.S. identities to North Korean IT workers, helping them get jobs at over 40 U.S. companies. As part of his plea deal, he agreed to give up over $1.4 million that he earned through the scheme.
U.S. Citizen Involvement Enabled North Korea to Earn Millions
The DOJ says the scheme hit 136 U.S. companies and funneled over $2.2M to North Korea. At least 18 Americans had their identities compromised during the process.
U.S. officials warn that undercover North Korean IT freelancers can earn up to $300K yearly for state programs.
Elliptic says North Korean hackers have stolen over $2B in crypto this year to evade sanctions.
