US Treasury Expands Sanctions Against North Korea Crypto Laundering Networks
On Tuesday, the U.S. Department of the Treasury expanded sanctions targeting a network linked to North Korea. This network involves bankers, companies, and facilitators who launder profits from cybercrime and illegal IT-worker schemes.
The Office of Foreign Assets Control (OFAC) designated eight individuals and two entities. Among them are bankers and the Korean firm KMCTC. The Treasury says they moved and concealed cryptocurrency and other revenues funding Pyongyang’s weapons programs.
“North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” said John K. Hurley, Under Secretary for Terrorism and Financial Intelligence, in the official announcement. OFAC noted that the actors managed crypto and fiat currency flows. It also updated the Specially Designated Nationals (SDN) List with crypto addresses tied to First Credit Bank.
Money Laundering With Cryptocurrency
Money laundering typically includes three steps:
- Placement: entering illicit funds into the financial system;
- Layering: hiding the trail through multiple transactions;
- Integration: reintroducing cleaned money as legitimate assets.
Cryptocurrency changes how these steps work. Users can create addresses quickly and move funds cheaply across blockchains. Services like mixers, tumblers, and unregulated exchanges enable complex layering to hide origins.
Unlike cash, crypto allows fast, automated transfers across many services and countries. This complexity challenges traditional bank-focused tracking methods.
The UN Office on Drugs and Crime estimates that 2–5% of global GDP is laundered yearly. Blockchain tracing firms warn that many illegal funds now flow through crypto. This has increased regulatory focus on exchanges, on-chain analysis, and cross-border cooperation.
Details of the Treasury’s Sanctions
OFAC targeted specific North Korea-linked facilitators and entities:
- Bankers Jang Kuk Chol and Ho Jong Son managed $5.3 million in crypto linked to ransomware and IT-worker scams for First Credit Bank.
- Korea Mangyongdae Computer Technology Company (KMCTC) and president U Yong Su ran North Korean IT teams in China and laundered money through proxy accounts.
- A network using shell companies, offshore agents, and foreign banks in China and Russia helped move North Korean funds.
Treasury linked these groups to North Korea’s broader tactics. These include state-directed cyber theft, social engineering hacks, and contract fraud using false identities for overseas IT workers. OFAC said North Korea-linked hackers stole over $3 billion in cryptocurrency in the past three years.
The new designations rely on executive orders countering cybercrime and sanctions evasion. OFAC expanded the SDN List to include crypto addresses, showing it treats blockchain identifiers as enforceable sanctions targets.
Common Methods in North Korea’s Schemes
Treasury highlighted recurring tactics used by North Korea in laundering money:
- Fake IDs and proxies to hide nationality and use local banks.
- Cross-border laundering through shell companies, weak jurisdictions, and unregulated exchanges.
- Use of crypto mixers and small transfers to obscure fund origins.
- Remote hires posing as freelancers to infiltrate company networks and steal data or assets.
Past investigations linked Lazarus-style groups to major crypto heists and laundering routes exploiting lax exchange and OTC controls. These events have prompted some U.S. companies to tighten hiring and security procedures.
Industry Response and Future Enforcement
The Treasury’s sanctions follow several high-profile attacks and industry reactions this year. Crypto firms have strengthened onboard processes and employee vetting after attempts by North Korean operatives to gain contractor roles. For example, Coinbase tightened rules for staff handling sensitive systems.
International incidents, such as the Lykke breach, show how exchange failures can lead to insolvency, regulatory problems, and cross-border enforcement. UK and EU authorities warn that unchecked stablecoin and crypto flows pose systemic and cyber risks.
The Treasury plans to keep targeting financial facilitators aiding North Korea. Future steps include monitoring more crypto addresses, scrutinizing banking proxies, and pressuring exchanges, custodians, and OTC desks. Stronger KYC and AML measures and cooperation on freezing illicit funds will be critical.
Crypto firms face a clear warning: improve identity verification, enhance on-chain monitoring, and secure fiat gateways to avoid involvement in laundering.
Summary
The U.S. Treasury is intensifying efforts to disrupt North Korea’s financial networks. Sanctions now target hackers and the pipelines converting stolen crypto into usable funds. By adding blockchain identifiers to enforcement tools, Treasury increases pressure on crypto firms and banks to improve controls. This push will likely boost cross-border cooperation and require faster adoption of stronger compliance and security practices across the crypto industry.
