US Sanctions North Korean Bankers Over Crypto Laundering

The US has imposed sanctions on a group of North Korean bankers and institutions accused of laundering millions of dollars linked to cyberattacks and illicit IT work schemes. 

According to the US Treasury Department, the laundered money was used to fund Pyongyang’s weapons programs. 

US Announces Sanctions 

According to the Office of Foreign Assets Control (OFAC), eight individuals and two entities were sanctioned for laundering funds derived from cybercrime and information technology worker fraud, including proceeds linked with ransomware and crypto thefts. John K. Hurley, Under Secretary of the Treasury for Terrorism and Financial Intelligence, stated, 

“North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program. By generating revenue for Pyongyang’s weapons development, these actors directly threaten US and global security. The Treasury will continue to pursue the facilitators and enablers behind these schemes to cut off the DPRK’s illicit revenue streams.”

Several cryptocurrency firms have been targeted by North Korean hackers linked with the dreaded Lazarus Group. According to blockchain analytics firm Elliptic, North Korean hackers stole over $2 billion worth of cryptocurrency in 2025, highlighting Pyongyang’s reliance on digital assets. According to the Treasury Department, North Korean hackers use advanced and highly sophisticated malware, phishing campaigns, and social engineering to gain access to employee devices and breach crypto firms and exchanges. A recent investigation also revealed that North Korean hackers are leveraging AI to automate and scale their attacks. 

Sanctioned Entities 

Among those sanctioned were two bankers accused of managing at least $5.3 million in cryptocurrency through the OFAC-designated First Credit Bank. The funds were linked to a ransomware group that targeted US-based individuals and laundered funds from North Korean IT workers. Other sanctioned entities include Ryujong Credit Bank and Korea Mangyongdae Computer Technology Company (KMCTC). The firms used shell companies and third-party intermediaries to hide crypto transactions. Officials also alleged that the sanctioned entities used Russian and Chinese proxies to transfer funds. 

Earlier Seizures 

The United States Department of Justice also seized $7.7 million in cryptocurrency linked to North Korean IT workers. The workers were accused of using stolen American identities to secure remote employment. According to the US Department of Justice, the workers operated from China, Russia, and Laos, using VPNs to conceal their location. According to the authorities, the North Korean workers pretended to be remote IT contractors for US and international firms, generating millions in illicit earnings. 

North Korean hackers have also been accused of creating fake US companies to target crypto developers. The fake firms offer developers fraudulent jobs using LinkedIn-style profiles and fake interviews to trick victims into downloading malware disguised as job-related files.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.