- DOJ is seeking to forfeit $15.1M in USDT stolen by North Korean hackers linked to APT38.
- Five individuals admitted to helping North Korean IT workers infiltrate 136 U.S. companies.
- North Korea generated over $2.2M through fraudulent employment and crypto theft in 2023.
- Hackers have stolen over $2B in crypto in 2025, with APT38 being a major player in the thefts.

The U.S. Department of Justice (DOJ) has filed to forfeit more than $15.1 million worth of Tether’s USDT stablecoin that was stolen by North Korean hackers in 2023. The funds were linked to Advanced Persistent Threat 38 (APT38), a North Korean military hacking group responsible for several high-profile crypto heists. The DOJ’s filing seeks to keep the stolen crypto after the FBI seized the funds in March 2025.
The assets are believed to be connected to multiple thefts, although the DOJ did not specify all the incidents involved. The seizures likely cover a range of high-value hacks, including the $100 million hack of Poloniex, a $37 million theft from CoinsPaid, and the $60 million attack on Alphapo. The DOJ emphasized that its investigation remains ongoing as the APT38 group continues to launder the stolen funds through various methods, including mixers and cryptocurrency exchanges.
Guilty Pleas in IT Worker Fraud Scheme
In a separate but related development, five individuals, including four U.S. citizens and one Ukrainian national, have pleaded guilty to charges related to a scheme that allowed North Korean IT workers to infiltrate over 136 U.S. companies. The individuals provided stolen identities and hosted company-issued laptops at their homes to make it appear that the workers were located within the U.S.
The four U.S. citizens, identified as Audricus Phagnasay, Jason Salazar, Alexander Paul Travis, and Erick Ntekereze Prince, each admitted to conspiring with North Korean operatives.
They facilitated fraudulent employment for IT workers, enabling them to generate funds for North Korea. The Ukrainian national, Oleksandr Didenko, was also implicated in the scheme, having stolen U.S. identities and sold them to North Korean operatives to help them gain employment at American companies.
Scheme Generated $2.2 Million for North Korea
The fraudulent employment scheme reportedly generated over $2.2 million for the North Korean regime. In addition to affecting 136 companies, the operation compromised the personal information of more than 18 U.S. citizens. This scam is part of North Korea’s broader strategy to earn revenue through cybercrimes, including remote IT scams and cryptocurrency theft.
North Korean IT workers are often employed in remote roles at U.S. companies, with their true locations obscured by these fraudulent activities. A 2022 advisory from U.S. agencies highlighted that North Korean IT workers could earn significant sums, funneling hundreds of millions of dollars into the country’s military programs.
Ongoing Cyber Theft by APT38
The APT38 group is known for its sophisticated cyberattacks, which have netted billions of dollars in stolen cryptocurrency. According to an analysis from Elliptic, North Korean hackers have stolen over $2 billion in crypto so far in 2025 alone, making them one of the most prolific cybercriminal groups globally. APT38 has targeted a range of virtual currency platforms, siphoning funds through various methods and channels to evade detection.
The DOJ’s efforts to seize and forfeit the stolen funds are part of a broader initiative to disrupt North Korea’s illegal cyber activities. The ongoing investigation into APT38’s operations is expected to uncover further connections and potentially more stolen assets linked to the group.





