Chris Fernando 
Four North Korean nationals have been charged in Georgia with wire fraud and money laundering in connection with the theft of nearly $1 million in cryptocurrency. Prosecutors allege that the individuals posed as remote IT workers to infiltrate U.S. and Serbian blockchain companies.
According to the U.S. Department of Justice (DOJ), Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il allegedly used fabricated and stolen identities to conceal their North Korean citizenship while securing remote IT developer positions.
The group reportedly began operating from the United Arab Emirates in 2019 before obtaining jobs at an Atlanta-based blockchain startup and a Serbian virtual token company between late 2020 and mid-2021.
Prosecutors state that Kim and Jong submitted fraudulent documents, including stolen and fake IDs, to secure their employment. U.S. Attorney Theodore S. Hertzberg described this tactic as a “unique threat” to businesses employing remote IT workers.
Once employed, the defendants allegedly leveraged their access to steal funds. In February 2022, Jong is accused of siphoning approximately $175,000 in cryptocurrency. The following month, Kim allegedly exploited smart contract source code to steal $740,000.
Investigators report that the stolen funds were subsequently laundered through mixing services and transferred to exchange accounts controlled by Kang and Chang, which were reportedly set up using fraudulent Malaysian identification.
“These schemes target and steal from US companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs,” said John A. Eisenberg, assistant attorney general for national security.
This case falls under the DOJ’s DPRK RevGen: Domestic Enabler Initiative, a program launched in 2024 to disrupt North Korea’s illicit revenue streams and U.S.-based facilitators.
In a related enforcement action, federal agents conducted raids across 16 states, seizing nearly 30 financial accounts, over 20 fraudulent websites, and approximately 200 computers from “laptop farms.” These setups enabled North Korean operatives to appear as if they were working from within the U.S.
The DOJ announced on Sunday that these schemes involved North Korean IT workers posing as U.S. citizens and using stolen identities to secure jobs at over 100 American companies, allegedly funneling millions of dollars to Pyongyang and, in some instances, accessing sensitive military data.
Last month, the DOJ filed a civil forfeiture complaint seeking to seize $7.74 million in cryptocurrency, which was allegedly earned by North Korean IT workers posing as remote blockchain contractors using fake identities.
