The U.S. Treasury has sanctioned eight people and organizations tied to a North Korean scheme that brought in close to $800 million last year, much of it moved through cryptocurrency, by tricking American companies into hiring fake tech workers. The money went straight toward building nuclear weapons and ballistic missiles.
The Treasury Department’s Office of Foreign Assets Control, known as OFAC, announced on March 12, 2026, that it had blacklisted six individuals and two entities for their part in a fraud network run by North Korea’s government. The money raised in 2024 was used to fund the country’s weapons of mass destruction and ballistic missile programs, breaking both U.S. law and United Nations sanctions.
North Korean tech workers use stolen identities, fake documents, and made-up profiles to land jobs at real companies around the world, including in the United States. The North Korean government takes most of the wages these workers earn and uses the money for its weapons programs. Some workers have also secretly installed malware inside company systems to steal data, which they used to demand ransom payments.
Crypto Addresses Frozen Across Multiple Networks
Cryptocurrency is central to how the money gets moved. The March 12 action froze 21 cryptocurrency wallet addresses across multiple blockchain networks. One of those named was Nguyen Quang Viet, chief executive of a Vietnam-based firm called Quangvietdnbg International Services Company Limited.
Between mid-2023 and mid-2025, Nguyen converted roughly $2.5 million into cryptocurrency for the regime, including money earned by IT workers tied to a North Korean company called Amnokgang Technology Development Company.
Amnokgang, founded in 1982, manages overseas teams of North Korean IT workers and had seven cryptocurrency addresses frozen across the Ethereum and Tron networks.
Also sanctioned was Yun Song Guk, a North Korean national who ran a group of IT workers out of Boten, Laos since at least 2023. Two Ethereum addresses linked to Yun were frozen.
Hoang Minh Quang, who handled more than $70,000 in transactions connected to Yun’s IT work, had one Bitcoin address frozen. OFAC also updated the file of previously sanctioned Sim Hyon Sop, a China-based representative for Korea Kwangson Banking Corp, adding 11 new cryptocurrency addresses across Ethereum and Tron.
The action is part of a wider U.S. effort to shut down North Korea’s use of digital assets to raise money, including cyberheists by groups like the Lazarus Group and ransomware attacks demanding cryptocurrency payments.
40 countries hit, $2 Billion worth crypto stolen
In January, eleven countries led a session at the United Nations in New York built around a 140-page report on North Korea’s cyber-driven efforts to fund its weapons programs. The report found that more than 40 countries had been affected by either cryptocurrency theft, which passed $2 billion last year, or IT worker fraud.
Jonathan Fritz, the U.S. principal deputy assistant Secretary of State, said too many countries were falling short. “A North Korean IT worker can live in Laos, steal the identity of a Ukrainian online, and then use that identity to defraud a U.S. company into hiring them, often for remote jobs with salaries in the hundreds of thousands of dollars range,” he said.
U.S. officials blamed Russia and China for sheltering North Korea and helping its money flows. At least 19 Chinese banks were named in the report as being used to launder stolen funds. Around 1,500 North Korean IT workers are thought to be based in China, with another 500 across Russia, Laos, Cambodia, Equatorial Guinea, Guinea, Nigeria, and Tanzania.
Fritz said Argentina and Pakistan had moved to address the problem since the report came out in October. Pakistan had reportedly arrested someone the report identified for helping North Korean IT workers.
At the UN session, a South Korean representative said a cryptocurrency firm in the country had more than $30 million stolen since the report’s release.
An Upwork representative described a case where a hired worker showed up in person but had a North Korean doing the real work after hours. Tech firms including Google called for stricter hiring checks, though some admitted North Korea is now using AI to help workers change their appearance, voice, and accent during interviews.