Four North Korean nationals have been charged in a major cryptocurrency theft targeting a blockchain startup in Atlanta. The U.S. Department of Justice (DOJ) and FBI unsealed the indictment on June 30, 2025, exposing a well-organized scheme that used remote developer jobs to gain insider access.
How the Crypto Theft Unfolded
The suspects—Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il—allegedly used stolen or fake identities to pose as IT professionals. Between late 2020 and mid-2021, they secured remote roles at two companies:
- A blockchain development firm based in the United States
- A cryptocurrency token business located in Serbia
Once embedded in these companies, the suspects executed a series of coordinated attacks:
- In February 2022, Jong allegedly transferred about $175,000 in cryptocurrency to an unauthorized wallet.
- In March 2022, Kim reportedly altered smart contract source code, redirecting approximately $740,000.
- The stolen funds were laundered through Tornado Cash, a well-known crypto mixer.
- The laundered crypto was funneled into accounts under Kang and Chang, created using fake Malaysian identities.
Prosecutors claim the operation funded North Korea’s weapons development and efforts to bypass international sanctions.
A Broader Pattern of Cybercrime
This case is part of a larger crackdown on North Korean cyber activity. The U.S. government has been tracking similar schemes in which operatives use fake credentials to secure remote work in the tech industry.
In a separate DOJ case, authorities seized more than $7 million in stolen cryptocurrency and sensitive U.S. defense data. That operation revealed:
- Use of over 80 stolen American identities
- Hundreds of unauthorized remote laptop setups
These activities demonstrate how North Korea uses cybercrime to bypass global financial restrictions.
DOJ’s Response and Global Coordination
Although the four suspects remain at large, U.S. officials are working closely with international partners to locate and apprehend them.
- The DOJ warned that remote cyber attackers using stolen identities pose a growing national security threat.
- U.S. Attorney Theodore Hertzberg and DOJ’s John Eisenberg emphasized that these covert networks are designed to support illicit programs tied to the North Korean regime.
- They reaffirmed the DOJ’s commitment to disrupting these operations and protecting American digital infrastructure.