US Targets North Korea’s Crypto Network as DOJ Moves to Seize $15M in Stolen USDT
The U.S. Department of Justice (DOJ) has launched a new enforcement push against North Korea’s state-backed cybercrime operations, seeking to forfeit over $15 million in stolen USDT and securing multiple guilty pleas from individuals who helped Pyongyang infiltrate U.S. companies through fraudulent IT work.
DOJ to Forfeit Millions in Stolen USDT
The U.S. Department of Justice has initiated civil forfeiture proceedings to seize approximately $15.1 million in USDT linked to North Korean hacking activity. The funds were traced to a series of 2023 cyberattacks orchestrated by Advanced Persistent Threat 38 (APT38), a military-affiliated hacking unit long associated with high-value crypto thefts.
Federal officials disclosed that the FBI initially seized the assets in March 2025, and prosecutors are now seeking court approval for permanent forfeiture. Once finalized, the recovered funds will be returned to the victims of the targeted platforms.
Multiple Exchanges By Complex Laundering Network
While the DOJ did not specify the affected exchanges, the timeline aligns with several major 2023 breaches, including the $100 million Poloniex incident, the $37 million CoinsPaid intrusion, the Alphapo payments platform attack estimated at around $100 million, and a separate $138 million theft from a Panama-based exchange. The department has not confirmed whether these cases are part of the current actions.
According to the DOJ, North Korean operatives deployed a complex laundering network involving cross-chain bridges, OTC brokers, centralized exchanges, and crypto mixers to obscure the movement of the stolen assets.
U.S.-Based Facilitators Targeted in Parallel Criminal Cases
The crackdown extends beyond digital asset seizures. Federal prosecutors also announced guilty pleas from five individuals who supported North Korea’s illicit revenue operations by enabling fraudulent remote IT employment inside the United States, which has proven to be an increasingly critical funding mechanism for Pyongyang.
Four U.S. citizens — Audricus Phagnasay (24), Jason Salazar (30), Alexander Paul Travis (34), and Erick Ntekereze Prince (38) — admitted to conspiring to commit wire fraud after allowing North Korean IT workers to pose as U.S.-based employees. Each defendant provided stolen or borrowed identities and permitted company-issued laptops to be operated from their residences, enabling unauthorized access to American corporate networks.
Ukrainian Operator at the Center of Identity Theft Scheme
In a related case, Oleksandr Didenko, a 28-year-old Ukrainian national, pleaded guilty in the District of Columbia to wire fraud conspiracy and aggravated identity theft. Prosecutors said Didenko supplied stolen identities to overseas IT workers, enabling North Korean operatives to secure roles at as many as 40 U.S. companies.
Court filings state he managed up to 871 identities and oversaw a network of co-conspirators.
He was detained in Poland in late 2024, extradited to the United States, and agreed to forfeit more than $1.4 million. Sentencing is scheduled for February 19, 2026.
Ongoing Efforts to Disrupt North Korea’s Cyber Operations
Officials emphasized that the multi-pronged enforcement strategy, both seizing digital assets and dismantling U.S.-based support networks, aims to curb North Korea’s growing reliance on cyber-enabled revenue streams. Investigators say more seizures and criminal actions are expected as efforts to trace and recover stolen virtual currency continue.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.