The U.S. Department of the Treasury unleashed a new wave of sanctions on Tuesday, targeting a ring of North Korean bankers and companies accused of laundering billions of dollars in stolen cryptocurrency to fund the nation’s illegal weapons programs. The move aims to cripple the overseas financial network that U.S. officials say is essential to Pyongyang’s ability to finance its missile and nuclear ambitions.
The Targets: A Global Laundering Web
The sanctions designated eight North Korean bankers and two companies operating primarily from bases in China and Russia. According to the Treasury, these individuals acted as foreign-based financial representatives for sanctioned North Korean banks, including the First Credit Bank and Ryujong Credit Bank.
Among those named are Jang Kuk Chol and Ho Jong Son, two bankers accused of managing at least $5.3 million in cryptocurrency on behalf of First Credit Bank. As part of the action, the Treasury’s Office of Foreign Assets Control (OFAC) also blacklisted 53 specific cryptocurrency wallet addresses linked to the laundering operation. Notably, officials reported that every one of the blacklisted wallets contained USDT, the world’s largest stablecoin.
A Threat to Global Security
The U.S. government was blunt in connecting this illicit activity directly to global security threats. “North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” said John Hurley, Treasury Under Secretary for Terrorism and Financial Intelligence, in a statement. “By generating revenue for Pyongyang’s weapons development, these actors directly threaten U.S. and global security.”
Hurley affirmed that the Treasury would “continue to pursue the facilitators and enablers behind these schemes to cut off the DPRK’s illicit revenue streams.”
The $3 Billion Heist Operation
Tuesday’s sanctions are a response to an escalating and prolific global hacking campaign. According to recent intelligence reports, North Korean state-sponsored operatives have stolen nearly $3 billion in cryptocurrency over the last three years alone. This digital blitzkrieg has been unmatched by any other nation.
This has been a truly unbelievable year. In February 2025, the notorious Lazarus Group from North Korea carried out the largest crypto breach in history, stealing between $1.4 billion and $1.5 billion in Ethereum and related tokens from the Bybit exchange. Investigators said that the hackers used sophisticated social engineering against a third-party wallet provider, and that the Bybit exchange user interface was manipulated to allow the hackers to transfer the funds into their own wallets.
The ‘IT Worker’ and ‘Chinese Banking’ Scam
The investigation by the Treasury sheds light on the two-pronged approach that North Korea is using to generate this revenue. The first prong is the well-publicized exchange hacks. The second is a sophisticated web of thousands of North Korean IT workers working abroad, mostly from China and Russia.
These workers allegedly use fraudulent identities to get freelance IT contracts, earning hundreds of millions of dollars in legitimate salaries. This money, along with the stolen crypto, is then funneled through “underground Chinese banking networks.” Blockchain security experts have identified these networks as the key facilitators who “clean” the dirty crypto, using elaborate mixing services and over-the-counter (OTC) desks to swap the stolen assets for fiat currency.
‘Systematically Dismantling’ the Network
This action is not happening in a vacuum. It follows a massive $14 billion asset seizure by the Department of Justice last month, which targeted a Cambodian crypto scam operation. Experts say that operation was closely linked to the same underground Chinese money launderers used by North Korea.
For many security analysts, this pattern of coordinated action between the Treasury and the DOJ signals a new, more aggressive approach. The U.S. government appears to be moving beyond just sanctioning individual hackers and is now “systematically dismantling” the entire interconnected global network—the bankers, the front companies, and the underground exchanges—that makes these multi-billion-dollar crypto crimes possible.




