North Korean Hackers Laundered $7.74M with ChatGPT and NFTs — Here's How

Key Insights

• The DOJ seized over $7.74 million in crypto laundered by North Korean IT workers funding weapons programs.

• North Korean operatives used fake identities and AI tools to secure remote tech jobs in the US and abroad.

• Laundered funds were converted, mixed, smurfed and disguised through NFTs and mixers.

• AI tools like OpenAI and Google were used to generate fake resumes, cover letters, and research employers for job applications.

• The seizures are part of the DOJ's RevGen initiative to crack down on North Korea's cyber-financial networks.

  The U.S. Department of Justice (DOJ) has seized over $7.74 million in crypto laundered by North Korean hackers pretending to be remote workers

This operation was revealed through a civil forfeiture complaint in the District of Columbia.

It also shows how North Korea is now using tools like artificial intelligence and cryptocurrency to not only bypass sanctions but to finance its weapons programs.

This is no longer a mere case of crypto fraud.

It’s a window into how a sanctioned regime is taking advantage of loopholes to fund its activities in plain sight.

North Korean Operatives Posing as Remote Tech Workers

The DOJ’s complaint showed a disturbing trend, where North Korean IT operatives used stolen or fake identities to pass “Know Your Customer” (KYC) checks.

Soon after this, they get hired by companies in the US and other regions as remote developers.

Complaint from the DOJ

These hackers were not breaking into systems or stealing directly from accounts. Instead, they were hired legitimately while pretending to be skilled professionals from other countries

In reality, the money they earned was being funneled directly to the North Korean regime.

The wages were typically paid in U.S. dollar-pegged stablecoins like USDT or USDC. Once paid, the crypto was laundered and funneled straight into the North Korean regime’s coffers.

How They Laundered the Funds

To wash the funds and make them untraceable, these individuals first converted the stablecoins into other cryptocurrencies

Then, they used mixing services to further hide the transaction trail

Sometimes, funds were moved in small amounts to avoid triggering automated alerts. In further detail, this technique is known as “smurfing.”

One interesting tactic from these individuals was the use of NFTs.

The operatives would buy and sell NFTs as part of the laundering cycle. These transactions helped blend the illegally obtained funds with legitimate blockchain activity and therefore made it harder for authorities to trace the money back to its origin.

The DOJ specifically named two individuals, Sim Hyon Sop of North Korea’s sanctioned Foreign Trade Bank, and Kim Sang Man of Chinyong IT Cooperation Company, as major intermediaries helping move the funds on behalf of the North Korean government.

AI Was A Major Part Of The Plan

One of the most disturbing aspects of this operation was the use of AI tools.

OpenAI (the company behind ChatGPT) confirmed that several accounts associated with North Korean actors were recently banned

These accounts were being used to generate fake resumes, craft employment histories, write cover letters and even research employers.

Essentially, the AI was being used as a tool to automate the entire job-application process

Some operatives even ran “laptop farms” to simulate real remote work activity from places like Russia and Laos.

Google even reported taking similar action by removing accounts tied to North Korean actors for similar misuse.

The RevGen Initiative

This disturbing trend is part of efforts from the US to crack down on North Korea’s cyber-financial network

The DOJ launched the DPRK Revenue Generation (RevGen) initiative in March 2024 to track down channels that the regime uses to fund its banned weapons programs.

Jeanine Pirro, U.S. Attorney for the Southern District of New York, stressed the importance of continued enforcement, saying:

“U.S. sanctions are in place for a reason. We will continue to investigate and prosecute anyone helping North Korea fund its illegal weapons programs.”

Thursday’s crask-down sends a clear signal that the DOJ is not letting up, especially as North Korea starts to use more and more tools to carry out its plans.

Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information, but it will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.