US authorities seized $7,7 million from North Korean scammers. Details of the operation

The US Department of Justice has reported another successful operation against North Korean government groups targeting cryptocurrency theft. GetBlock AML Research publishes details of the operation that uncovered an international network of conspiratorial North Korean scammers.

On the radar

US law enforcement identified the cryptocurrency addresses of Sim Hyon Sop, a representative of the North Korean Foreign Trade Bank (FTB), and Kim Sang Man, an executive director of Chinyong, also known as Jinyong IT Cooperation Company, which reports to North Korea’s Ministry of Defense. Stablecoins and other assets worth $7,7 million were frozen in their wallets.

Sim Hyon Sop and Kim Sang Man organized an international cryptocurrency theft scheme. They supervised various groups of North Korean developers who were physically located around the world (China, Russia, and the UAE) and used fake documents to gain employment with major financial companies. After successful employment, the developers would send their earnings to the addresses of Hyon Sop and Sang Man, having previously concealed the transaction chain.

The following were used to launder funds:

• Fictitious bank accounts opened with fake IDs;
• Distributing funds in small amounts;
• Converting assets to other blockchains and using cross-chain bridges;
• Buying NFT tokens and then reselling them to hide the direct chain of transactions;
• Mixing illicit flows with legitimate transfers to increase the difficulty of tracing assets.

A network of wallets that were used to collect and launder cryptocurrency. Data: TRM Labs

Sim Hyon Sop’s blocked wallet totaled more than $24 million between August 2021 and March 2023, nearly all of which was transferred to Kim Sang Man, who used fake Russian documents and devices operating in Russia and the UAE.

Asset seizure

The US Department of Justice filed a lawsuit in US District Court to transfer the frozen assets to the US government. In addition to USDC and USDT stablecoins, law enforcement took possession of altcoins, NFT tokens, and domain names of the ENS service. Eighty-four accounts on centralized crypto exchanges used by North Korean scammers to launder cryptocurrency were discovered and shut down.

How the leaders of the scheme operated

Sim Hyon Sop and Kim Sang Man set up an international clearinghouse to launder cryptocurrency. They accepted assets from their subordinates, Hyon Sop was located in Dubai, UAE, and Sang Man was located in Vladivostok, Russia. The funds were then laundered using various methods and moved to North Korean government addresses.