The US Treasury Department has imposed new sanctions on a group of North Korean bankers and institutions accused of laundering millions in cryptocurrency linked to cyberattacks and illegal IT labor schemes that help finance Pyongyang’s weapons programs.
The Office of Foreign Assets Control (OFAC) said on Tuesday that eight individuals and two entities were designated for “laundering funds derived from cybercrime and information technology worker fraud,” including proceeds associated with ransomware and crypto thefts.
“North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley said in a press release.
Last month, blockchain analytics firm Elliptic reported that North Korean hackers had stolen more than $2 billion in cryptocurrency by 2025, underscoring the regime’s growing reliance on digital assets.
According to the Treasury, DPRK-linked hackers are using advanced malware, phishing campaigns and social engineering to breach crypto firms and exchanges. A recent CoinDesk study also found that North Korean hackers are increasingly leveraging AI to automate and scale their attacks.
The sanctioned network allegedly relied on cryptocurrency transactions and shell companies to hide the flow of illicit funds. Two North Korean bankers, Jang Kuk Chol and Ho Jong Son, managed at least $5.3 million in crypto tied to OFAC-designated First Credit Bank, funds linked to a ransomware group that previously targeted American victims and laundered earnings from overseas DPRK IT workers.
OFAC said both men were designated under multiple executive orders to support cyber-enabled activities and commercial operations that generate revenue for the North Korean government.
The Ministry of Finance also targeted the Korea Mangyongdae Computer Technology Company (KMCTC), which operates IT worker delegations in China’s Shenyang and Dandong. The KMCTC and its president, U Yong Su, allegedly used Chinese nationals as bank agents to hide the origin of funds earned by DPRK IT workers abroad.
Tuesday’s actions extend to Ryujong Credit Bank, accused of facilitating international transfers for North Korean entities involved in sanctions evasion and crypto-laundering.
OFAC said the designations bolster U.S. efforts to “cut off illicit revenue streams” that fuel North Korea’s weapons programs and cyber operations that threaten the global digital economy.
