The US Treasury (OFAC) has sanctioned six individuals and two entities tied to the Democratic People’s Republic of Korea (DPRK) IT‑worker schemes that allegedly generated nearly $800 million in 2024.
US Vs. DPRK Over Crypto Fraud
Crypto is once again at the center of Washington’s latest sanctions push. On an official press release on March 12 , the US Treasury announced that they have blacklisted a North Korean IT‑worker network accused of routing nearly $800 million through digital assets to fund weapons programs in 2024. The Secretary of the Treasury Scott Bessent, quoted on the announcement, warned that “The North Korean regime targets American companies through deceptive schemes carried out by its overseas IT operatives, who weaponize sensitive data and extort businesses for substantial payments”.
How The North Korean Crypto Scheme WorkedAccording to the OFAC’s statement, these North Korean IT networks relied on front companies in Vietnam, Laos and Spain to move IT‑worker revenue into cryptocurrency, convert it, and route funds back to Pyongyang. As the statement claims:
DPRK-facilitated IT teams commonly rely on fraudulent documentation, stolen identities, and fabricated personas to conceal their true identities and gain employment with legitimate companies, including those in the United States and allied countries. The DPRK government reportedly appropriates the majority of the wages earned by these overseas IT workers, generating hundreds of millions of dollars to support the regime’s WMD and ballistic missile programs, in violation of U.S. and United Nations sanctions. In certain instances, DPRK-affiliated workers have also covertly introduced malware into company networks to extract proprietary and sensitive information.
Amongst the companies signaled by Washington are Amnokgang Technology Development Company, that manages overseas DPRK IT delegations and other illicit procurement and Vietnam‑based partner (Quangvietdnbg) whose CEO converted around $2.5 million into crypto for North Koreans between mid‑2023 and mid‑2025, with $800 million in 2024 alone. Other facilitators opened bank accounts, enabled crypto transactions, and laundered IT‑worker proceeds on behalf of North Korean procurement figures, like Kim Se Un.
The OFAC warns that both US and foreign financial institutions face secondary‑sanctions risk if they keep touching flows linked to the newly designated actors, which effectively isolates their remaining fiat and crypto on‑ramps.
What This Means For The Crypto MarketThis is but the newest chapter on a long saga of North Korean cyber and IT operations repeatedly leaning on crypto, mixers and OTC brokers to l aunder billions in stolen or fraudulently earned funds , which regulators now say directly supports its weapons programs.
Even as Treasury has recently acknowledged that mixers and privacy tools can have legitimate uses , the new designations show that they are still ready to aggressively sanction any intermediaries that route significant illicit crypto flows for state actors like the DPRK. Despite episodes like this usually not moving Bitcoin’s price on their own , they do add to the regulatory overhang that can cap risk appetite around privacy coins, mixer‑adjacent protocols and lightly regulated offshore venues. For majors like BTC and ETH, stricter enforcement against DPRK‑linked networks tends to be framed as “cleaning up the rails,” which can support institutional adoption over time even if it generates headline risk in the near term.
The regulatory tail risk remains highest around privacy‑focused tools, offshore venues and tokens that depend on opaque liquidity paths. At the same time, every DPRK‑linked enforcement wave nudges more volume toward KYC’d exchanges and transparent stablecoin and BTC pairs, which is where long‑term liquidity and institutional flows are likely to concentrate.
Cover image from Perplexity, BTCUSD chart from Tradingview
