DOJ Seizes $15M USDT, Nabs Citizens in NK Cyber Scheme

The U.S. Department of Justice (DOJ) announced landmark enforcement actions against cybercriminals linked to North Korea, unveiling the forfeiture of $15.1 million in stolen Tether (USDT) as well as the plea agreements of individuals who helped North Korean IT workers infiltrate 136 American companies. These measures underscore not only the volume of Pyongyang's cyber operations but also the broad support network that enables these schemes both within the U.S. and internationally.

$15 Million in USDT Linked to North Korean APT38

To retain the $15.1 million in USDT, the Department of Justice filed two civil forfeiture complaints. The funds were traced to the activities of Advanced Persistent Threat 38 (APT38), a North Korean military hacking unit that is widely held responsible for several crypto heists. The FBI reportedly located and confiscated the money in March 2025, after it was linked to four attacks in 2023 on virtual currency platforms in different regions. It is suggested that the Poloniex, CoinsPaid, and Alphapo breaches might have been among these incidents.

The department explained that APT38 actors laundered the funds through a variety of methods, including bridges, mixers, exchanges, and OTC traders, so tracing and seizure efforts are still ongoing. Once approved by the court, the seized funds will be returned to those who suffered losses in these illicit activities, demonstrating the U.S. commitment to intensifying its crackdown on the financial channels that support North Korea's sanctioned programs.

Five Individuals Who Admitted to Assisting North Korean IT Workers

Besides the forfeiture actions, the Department of Justice announced guilty pleas by five individuals who helped North Korean IT workers fraudulently obtain jobs at local companies. They provided stolen identities, hosted company-issued laptops, and enabled remote network access so that the workers appeared to be located in the United States.

The U.S. defendants (Audricus Phagnasay, Jason Salazar, Alexander Paul Travis, and Erick Ntekereze Prince) were charged with conspiracy to commit wire fraud. Meanwhile, Ukrainian national Oleksandr Didenko was indicted for conspiracy to commit wire fraud and aggravated identity theft. Officials said that Didenko enabled North Korean workers to enter 40 companies, and he agreed to give up more than $1.4 million in cash. In total, 136 companies were targeted by the schemes, $2.2 million was generated for North Korea, and at least 18 citizens' identities were stolen, revealing the magnitude and the technological side of the operation.
