US Treasury sanctions enablers of North Korea IT worker fraud ring

Fraudulent tech workers with ties to North Korea target a range of industries, including blockchain companies, with schemes and infrastructure spreading worldwide.

The US Treasury has sanctioned six people and two entities for their alleged roles in an IT worker fraud scheme orchestrated by  North Korea, which frequently targets the crypto industry.

The Office of Foreign Assets Control (OFAC) said on Thursday that it sanctioned alleged facilitators of the IT worker fraud networks operating in North Korea, Vietnam, Laos and Spain, which generate revenue to fund North Korea’s weapons program.

OFAC sanctioned Amnokgang Technology Development Company, a DPRK firm accused of managing overseas IT workers, and Nguyen Quang Viet, CEO of Quangvietdnbg International Services Company Limited, a Vietnam-based company accused of laundering $2.5 million through cryptocurrency for the network. 

Do Phi Khanh, Hoang Van Nguyen, Yun Song Guk, Hoang Minh Quang and York Louis Celestino Herrera were also sanctioned for their alleged roles in the DPRK IT worker networks.

The sanctions mean all US assets connected to those named are frozen and they can’t conduct any financial transactions or engage in business dealings with the US under threat of civil and criminal penalties.

Fraudulent tech workers with ties to North Korea have been highly active, targeting a range of industries, including blockchain companies. An April 2025 report by Google found that the schemes' infrastructure has spread worldwide.

OFAC’s sanctions included 21 cryptocurrency addresses across Ethereum and Tron. Chainalysis said on Thursday that the “designation of addresses across multiple blockchain networks reflects [North Korea’s] increasingly multi-chain approach to moving funds.”

Related: Someone counter-hacked a North Korean IT worker: Here’s what they found

Chainalysis added that North Korean IT worker schemes “represent a sophisticated and growing threat,” relying on stolen identities and fabricated personas to obtain employment with legitimate companies globally.

“Beyond generating revenue through fraudulent employment, these workers have also been known to covertly introduce malware into company networks to extract proprietary and sensitive information,” the firm said. 

Magazine: All 21 million Bitcoin is at risk from quantum computers

Source: CoinTelegraph