U.S. seizes additional crypto linked to North Korea’s illegal network

The U.S. Department of Justice on Friday convicted several criminals who helped the Democratic People’s Republic of Korea to pocket large amounts of digital assets fraudulently. The department also obtained about $15 million in proceeds from the remote information technology work and crypto heist. 

The DOJ revealed that North Korea uses such schemes to fund its weapons and other priorities in violation of sanctions. U.S. authorities found that facilitators in the U.S. and Ukraine assisted North Korean actors in obtaining remote IT employment with U.S. companies.

U.S. nationals plead guilty to wire fraud conspiracy

Justice Department Announces Nationwide Actions to Combat Illicit North Korean Government Revenue Generation

Department Seeks Forfeiture of More Than $15M in Virtual Currency Stolen and Laundered by North Korean Hackers

🔗: https://t.co/2qZ73r3wYx pic.twitter.com/FRaqJjYW8f

— U.S. Department of Justice (@TheJusticeDept) November 14, 2025

According to court documents associated with the five guilty pleas, the hackers’ schemes impacted more than 136 U.S. victim companies and garnered more than $2.2 million in revenue for the DPRK regime. They also compromised the identities of more than 18 U.S. citizens.

The DOJ also revealed that a North Korean hacking group known as Advanced Persistent Threat 38 (APT38) carried out a multimillion-dollar crypto heist at four overseas digital asset platforms in 2023. The U.S. government now wants to return the more than $15 million in virtual currency it seized to the rightful owners.

“Hostile nation-states raising funds for illicit programs by stealing from digital asset exchanges threatens both. The Criminal Division is steadfast in its determination to forfeit ill-gotten gains from bad actors and return funds to victims.”

–Mathew Galeotti, Acting Assistant Attorney General of the Justice Department’s Criminal Division.

Court documents from the U.S. District Court for the Southern District of Georgia revealed that U.S. nationals Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis pleaded guilty to one count of wire fraud conspiracy. Authorities discovered that Phagnasay and Travis provided their U.S. identities to IT workers they knew were located outside the country. Their actions enabled the remote IT workers to apply for and obtain employment with U.S. companies fraudulently.

The court also revealed that the trio hosted victim U.S. company-provided laptops at their residences, where they installed unauthorized remote access software. The software enabled the IT worker to create the false impression that they were working remotely from the defendants’ residences. The three defendants also assisted the IT workers in completing employer vetting procedures, with Travis and Salazar showing up for drug testing on behalf of the remote workers.

U.S. court fines defendants in North Korea’s fraudulent scheme

The court fined Travis at least $51,397 for his participation in the scheme, while Phagansay and Salazar received around $3,450 and $4,500, respectively. U.S. Attorney Margaret Heap for the Southern District of Georgia commended the collaboration of U.S. law enforcement agencies in identifying, investigating, and prosecuting the defendants.

Ukrainian national Oleksandr Didenko also pleaded guilty earlier this week to one count of wire fraud conspiracy and one count of aggravated identity theft. The U.S. District Court for the District of Columbia found that U.S. companies paid Didenko’s IT worker clients hundreds of thousands of dollars for their work. He agreed to forfeit more than $1.4 million, including around $570,000 in fiat and digital assets seized from him and his co-conspirators.

U.S. national Erick Ntekereze Prince pleaded guilty on November 6 to one count of wire fraud conspiracy. The U.S. District Court for the Southern District of Florida found that Prince’s company, Taggcar Inc., contracted to supply allegedly certified IT workers to U.S. companies from around June 2020 through August 2024. 

Prince allegedly hosted U.S. company-provided laptops, knowing the IT workers were using false and stolen identities to obtain employment. The court charged Prince, U.S. national Emanuel Ashtor, and Mexican national Pedro Ernesto Alonso de los Reyes in January 2025 for their alleged participation in the scheme. The IT workers’ scheme earned more than $943,069 in salary payments from U.S. companies. De los Reyes is awaiting extradition from the Netherlands, while Ashtor is pending trial.

Claim your free seat in an exclusive crypto trading community - limited to 1,000 members.