North Korean Crypto Sanctions Tracker
Latest designations targeting North Korean crypto theft networks and IT-worker fraud schemes.
- Total Stolen (Jan-Jun 2025): $2.1 Billion
- Number of Designated Entities: 11
- Estimated Missile Funding: ~7,000 Missiles
- High-Risk Jurisdictions: 5
Key Takeaways
- In August 2025 OFAC added six new individuals and companies tied to North Korean crypto thefts.
- The designations focus on both crypto‑stealing networks and fraudulent IT‑worker schemes that infiltrate U.S. firms.
- Between January and June 2025, North Korean actors stole over $2.1 billion in digital assets, funding missiles and nuclear programs.
- Compliance teams should screen for the newly listed entities and monitor blockchain addresses flagged by TRM Labs.
- International cooperation, especially with Japan and South Korea, is expanding to choke the DPRK’s crypto pipeline.
What is Office of Foreign Assets Control (OFAC) and why it matters
OFAC is the U.S. Treasury office that administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals. When OFAC designates a person or entity, U.S. persons are prohibited from dealing with them, and any assets under U.S. jurisdiction are frozen. The agency’s power comes from the International Emergency Economic Powers Act (IEEPA) and the Trading with the Enemy Act (TWEA), giving it a wide‑reaching ability to cut off funding streams for hostile regimes.
For the cryptocurrency world, OFAC’s reach is especially significant because digital assets can cross borders instantly. A single sanction can trigger blockchain analytics firms, exchanges, and compliance software to flag and block wallet addresses linked to a designated party. That’s why the 2025 wave of designations against the DPRK’s crypto operations has sent ripples through the entire crypto ecosystem.
2025 Sanctions: Who was targeted and how
In the first half of 2025, the Treasury announced a series of actions aimed at dismantling North Korea’s crypto revenue machine. The most notable escalation came on August 27, 2025, when OFAC designated the following:
Date | Designated Entity | Primary Role |
---|---|---|
July 8, 2025 | Kim Ung Sun | Facilitated $600k crypto‑to‑cash conversions for DPRK |
July 24, 2025 | Shenyang Geumpungri Network Technology Co., Ltd | Front company for laundering crypto proceeds |
August 27, 2025 | Vitaliy Sergeyevich Andreyev | Russian national enabling IT‑worker fraud schemes |
August 27, 2025 | Korea Sinjin Trading Corporation | Facilitated cross‑border crypto transfers for DPRK |
August 27, 2025 | Kim Se Un | Operated a front trading firm in the UAE |
These designations build on earlier actions from 2023 and 2024, expanding the list to cover both the technical operators and the shell companies that hide their activity. The Treasury’s statement emphasized that the DPRK’s “dual‑purpose” approach blends legitimate IT services with covert crypto theft, making detection especially challenging.
How the DPRK blends crypto theft with IT‑worker fraud
Security researchers have given the operation a handful of code names (Famous Chollima, Jasper Sleet, UNC5267, and Wagemole) to track the overlapping tactics. The core strategy is simple but effective:
- Recruit technically skilled workers, often through freelance platforms like GitHub, Freelancer, or RemoteHub.
- Assign them to U.S. or Western crypto‑focused startups where they can access wallets, smart contracts, or proprietary code.
- Use fabricated identities (examples include the personas “Joshua Palmer” and “Alex Hong”) backed by stolen documents and synthetic IDs.
- While delivering legitimate work (e.g., smart‑contract audits), they siphon off stablecoin payments or implant hidden backdoors for later ransomware.
- Funds are routed through a web of exchanges, OTC brokers, and self‑hosted wallets before landing in sanctioned entities.
This model lets the DPRK harvest both intellectual property and digital cash. The stolen crypto is quickly laundered through entities like the now‑sanctioned Shenyang Geumpungri Network, which operates out of a “co‑working” space in China but maintains only a virtual presence, making enforcement tricky.
According to TRM Labs, the network’s on‑chain activity alone accounted for $2.1 billion in thefts in the first half of 2025. That amount dwarfs the total crypto‑related revenue the DPRK generated in the previous three years combined.

Financial impact - fueling missiles and nuclear programs
The Treasury’s own assessments link the crypto proceeds directly to the DPRK’s weapons of mass destruction and ballistic missile programs. Roughly $7.7 million in cryptocurrency, NFTs, and digital assets were seized in a June 5, 2025 civil forfeiture case filed by the Department of Justice. Those assets traced back to a laundering network run by North Korean‑affiliated IT workers embedded in U.S. startups.
Beyond the cash, the illicit funds enable the regime to purchase dual‑use technologies, pay overseas operatives, and maintain a resilient financial lifeline that bypasses traditional banking sanctions. Each successful theft adds roughly $200k‑$500k to the DPRK’s budget for missile development, according to internal DoD estimates.
Enforcement actions and international cooperation
The response to the crypto threat is a textbook example of a whole‑of‑government approach. The Treasury, Justice Department, Department of Homeland Security, FBI, and DHS‑I work together to trace funds, seize assets, and prosecute actors. Internationally, the United States coordinated with Japan and the Republic of Korea, issuing joint statements on August 27, 2025 that condemned the IT‑worker fraud schemes and pledged shared intelligence.
Key enforcement milestones include:
- Seizure of large USDC and ETH holdings from wallets linked to Andreyev and Kim Ung Sun.
- Forensic analysis that uncovered the use of a Russian‑based OTC broker previously sanctioned in late 2024.
- Arrests of several facilitators in the United Arab Emirates who helped move crypto from Asia to Europe.
The continued expansion of designations, such as Korea Sobaeksu Trading Company and its leadership, demonstrates that OFAC is not merely reacting but proactively mapping the DPRK’s ever‑evolving crypto supply chain.
Compliance checklist for crypto firms and tech companies
Staying compliant in this shifting environment means more than a single screening step. Below is a practical, actionable list that compliance officers can adopt immediately:
- Update sanction screening lists daily. Include the six individuals and five entities added in 2025, plus any associated wallet addresses flagged by TRM Labs.
- Implement enhanced due‑diligence for freelancers or contractors from high‑risk jurisdictions (Russia, China, UAE, Laos, and North Korea‑proximate states).
- Require verifiable government‑issued ID for all new hires, and cross‑check against synthetic‑identity detection tools.
- Monitor on‑chain activity for transactions involving stablecoins (USDC, USDT) that pass through known OTC brokers or mixer services.
- Establish a rapid‑response protocol: if a wallet is flagged, freeze related internal accounts and notify legal counsel within 24 hours.
- Conduct quarterly training on the latest DPRK tactics: focus on “dual‑purpose” fraud that blends legitimate coding work with data exfiltration.
- Partner with blockchain analytics firms (e.g., TRM Labs, Chainalysis) to receive automated alerts for suspicious address clusters.
By embedding these steps into existing AML/KYC workflows, firms can dramatically reduce the risk of unintentionally facilitating DPRK financing.
Looking ahead - what to expect in 2026 and beyond
Analysts predict that the DPRK will double down on crypto as traditional sanction‑evasion channels become more restrictive. Expect a shift toward privacy‑focused assets like Monero and Zcash, and a greater reliance on decentralized exchange (DEX) protocols that lack centralized KYC. However, the U.S. government is already developing guidance for DEX monitoring, and new sanctions could target the underlying infrastructure providers (e.g., Web3 hosting services).
For businesses, the key takeaway is vigilance. The threat landscape will keep evolving, but a robust compliance framework, combined with real‑time blockchain monitoring, will remain the best defense against becoming a conduit for prohibited revenue.
Frequently Asked Questions
What does it mean when OFAC sanctions a cryptocurrency address?
A sanction means any U.S. person or entity must block transactions with that address, and any assets under U.S. jurisdiction are frozen. Exchanges and wallets that follow OFAC rules will automatically reject transfers to or from the flagged address.
Are freelance platforms responsible for the DPRK’s IT‑worker fraud?
The platforms aren’t directly liable, but they are expected to implement reasonable verification and monitoring. Failure to do so can expose them to civil penalties if a sanctioned actor is found to have used the service.
How can I check if a wallet is linked to a recent OFAC designation?
Use a blockchain analytics service that incorporates OFAC watchlists, such as TRM Labs. Many compliance tools now pull the Treasury’s SDN list and match on‑chain addresses automatically.
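The list-matching step named in the compliance checklist and in the answer above, as an added example (not code from this page or from any analytics vendor): it pulls `Digital Currency Address - <ticker> <address>` entries out of SDN-style remarks text, then screens a wallet address and a misspelled name against the list. The records, names, addresses and the 0.85 similarity threshold are constructed placeholders, and the remarks layout is an assumption about the list export being parsed.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Constructed SDN-style records: placeholder names and addresses, not real list entries.
SAMPLE_SDN = [
    {"name": "EXAMPLE TRADING CORPORATION",
     "remarks": "Digital Currency Address - ETH 0xAbCdEf0123456789aBcDeF0123456789abcdef01; "
                "alt. Digital Currency Address - XBT 1ExampLePlaceholderAddr111111111"},
    {"name": "DOE, Jon Example", "remarks": "DOB 01 Jan 1980; nationality Exampleland"},
]

# Assumed remarks form: "Digital Currency Address - <ticker> <address>"
ADDR_RE = re.compile(r"Digital Currency Address - (\w+) ([^\s;]+)")

def normalize_address(addr):
    # EVM hex addresses differ only by checksum casing; base58 addresses are case-sensitive.
    addr = addr.strip()
    return addr.lower() if addr[:2].lower() == "0x" else addr

def build_address_index(records):
    """Map each normalized listed address to (listed name, asset ticker)."""
    index = {}
    for rec in records:
        for ticker, addr in ADDR_RE.findall(rec["remarks"]):
            index[normalize_address(addr)] = (rec["name"], ticker)
    return index

def screen_address(addr, index):
    """Return (listed name, ticker) on an exact hit after normalization, else None."""
    return index.get(normalize_address(addr))

def normalize_name(name):
    # Strip accents and punctuation, fold case, sort tokens so "DOE, Jon" equals "Jon Doe".
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return " ".join(sorted(re.findall(r"[a-z0-9]+", text.lower())))

def screen_name(candidate, records, threshold=0.85):
    """Return (listed name, score) pairs whose similarity meets the threshold."""
    cand = normalize_name(candidate)
    hits = []
    for rec in records:
        score = SequenceMatcher(None, cand, normalize_name(rec["name"])).ratio()
        if score >= threshold:
            hits.append((rec["name"], round(score, 2)))
    return hits
```

Exact address matching only catches addresses that appear on the list itself; name hits from the fuzzy match are candidates for analyst review, not automatic blocks.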
What penalties could a U.S. company face for violating OFAC crypto sanctions?
Violations can result in civil fines up to $1 million per violation, criminal penalties up to $5 million, and potential loss of export privileges. The Treasury also has the authority to block the company’s assets.
Will sanctions affect non‑U.S. companies that deal with North Korean crypto?
Yes, if they have a U.S. nexus, such as using U.S. dollars, U.S. banks, or U.S. persons. Many foreign firms voluntarily comply to avoid secondary sanctions that could cut them off from the U.S. financial system.
America can't sit back while North Korea is stealing crypto. We need to tighten our defenses and make sure these bad actors feel the heat. Every dollar they take is a dollar that could fund more missiles. It's time to act with strength and resolve.
Sure thing! Just a heads‑up – make sure you keep your sanction screening list fresh. The OFAC updates can be a bit tricky, but staying on top of them will save you headaches later. Also, double‑check the spellings of the names – sometimes they're misspelled in the source docs, which can lead to missed hits. It's definitely worth the extra look‑over.
While the prevailing sentiment emphasizes punitive measures, one must consider the adaptive nature of illicit networks. It is conceivable that heightened sanctions merely drive these actors toward more sophisticated, decentralized mechanisms that evade current detection frameworks. Consequently, a singular focus on designation without concurrent advancement in analytical tooling may prove insufficient. A balanced approach, integrating both enforcement and technological innovation, is warranted.
It's interesting how money, power, and ideology intertwine in these crypto schemes. When a regime feels cornered, it often turns to what it perceives as low‑risk channels, like digital assets, to fund its ambitions. Yet the very act of sanctioning creates a cat‑and‑mouse game that reshapes the global financial landscape. One wonders whether the future will see a shift toward entirely sovereign digital currencies as a response.
Great insight! 👍
From a compliance architecture perspective, the recent OFAC designations necessitate a multi‑layered remediation strategy. Firstly, all AML transaction monitoring systems must ingest the updated Entity List within 24 hours to mitigate false negatives.
Secondly, the KYC workflows should incorporate enhanced due‑diligence protocols for counterparties domiciled in high‑risk jurisdictions, specifically those flagged for IT‑worker fraud.
Thirdly, onboarding procedures ought to enforce a dual‑verification of government‑issued identification, leveraging both biometric and documentary evidence to reduce synthetic ID risks.
Moreover, blockchain analytics platforms need to be integrated via API to provide real‑time alerts on on‑chain activity involving known tainted wallets, especially stablecoin transfers that traverse OTC brokers.
Furthermore, a rapid‑response incident response playbook must be codified, delineating roles from the frontline analyst to senior compliance officers, ensuring a coordinated containment effort.
It is also advisable to conduct quarterly training sessions that simulate emerging DPRK tactics, thereby keeping staff acutely aware of evolving threat vectors.
In parallel, establishing a partnership with reputable forensic firms will enable deeper investigative capabilities when anomalous patterns are detected.
From a governance standpoint, the Board should receive quarterly dashboards summarizing sanction exposure metrics, thus aligning risk appetite with operational realities.
Technically, the data lake should retain immutable transaction logs for a minimum of five years to support any retroactive forensic analysis.
Operationally, a dedicated compliance liaison should be assigned to maintain open channels with OFAC for clarifications on ambiguous designations.
Strategically, diversifying the fiat‑to‑crypto conversion pathways by employing regulated custodial services can further diminish exposure to illicit conversion schemes.
Lastly, continuous improvement loops must be embedded, leveraging post‑incident reviews to refine detection rules and update risk models accordingly.
By implementing this comprehensive framework, firms can substantially mitigate the financial and reputational fallout associated with North Korean crypto fraud.
Thanks for laying that out so clearly! It really helps to see the steps broken down. Staying proactive is the only way to keep ahead of these bad actors. 🚀 Keep up the good work and stay vigilant! 💪
Whoa, this is a dramatic turn in the crypto battlefield! The stakes have never been higher, and the drama of sanctions plays out like a thriller. Every new designation feels like a plot twist, and the world watches with bated breath. Keep the updates coming – the suspense is real! 😮💨
Our nation must stay tough on these crypto thieves. Letting North Korea walk free with stolen funds only fuels their aggression. It's time for a unified front, and we shouldn't back down. Strong action now will protect future generations.
Honestly, this kind of compliance checklist feels like a pointless box‑ticking exercise. The real problem is that these measures are reactive, not proactive. By the time you update the list, the funds have already moved. It's a flawed system that needs a total overhaul.
Great points made here! It's encouraging to see practical steps that can actually make a difference. Staying optimistic about our ability to adapt is key – together we can out‑smart these threats.
I'm curious about how these designations affect smaller crypto startups. Do they have the resources to implement such rigorous compliance? It would be interesting to hear real‑world examples of firms navigating this landscape.
Thanks for raising that question! Smaller firms often rely on third‑party compliance services to stay on top of the changes.
What a vibrant discussion! It's amazing to see the community rally together, sharing colorful insights and practical advice. Keep the energy flowing – together we can turn these challenges into opportunities.
Enough of the polite talk – this is a war on crypto and we need to hit back hard! If we don't crush these networks now, they'll just get bolder.
Why not just let them use crypto? It's their money, and trying to block them only pushes us into more surveillance.