U.S. Sanctions North Korean Bankers Over Crypto Laundering Tied to Cyberattacks

The U.S. Treasury has imposed fresh sanctions on a group of North Korean bankers and institutions accused of laundering millions in cryptocurrency tied to cyberattacks and illicit IT work schemes that help fund Pyongyang’s weapons programs.

The Office of Foreign Assets Control (OFAC) said Tuesday that eight individuals and two entities were designated for “laundering funds derived from cybercrime and information technology worker fraud,” including proceeds linked to ransomware and crypto thefts.

“North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley in a press release.

Last month, blockchain analytics firm Elliptic reported that North Korean hackers had stolen more than $2 billion worth of cryptocurrency in 2025, underscoring the regime’s growing reliance on digital assets.

According to Treasury, DPRK-linked hackers use advanced malware, phishing campaigns, and social engineering to breach crypto firms and exchanges. A recent CoinDesk investigation also found that North Korean hackers are increasingly leveraging AI to automate and scale their attacks.

The sanctioned network allegedly relied on cryptocurrency transactions and shell companies to conceal the flow of illicit funds. Two North Korean bankers, Jang Kuk Chol and Ho Jong Son, managed at least $5.3 million in crypto tied to OFAC-designated First Credit Bank, funds linked to a ransomware group that previously targeted U.S. victims and laundered earnings from overseas DPRK IT workers.

OFAC said both men were designated under multiple executive orders for supporting cyber-enabled activities and commercial operations that generate revenue for the North Korean government.

The Treasury also targeted Korea Mangyongdae Computer Technology Company (KMCTC), which operates IT worker delegations in China’s Shenyang and Dandong. KMCTC and its president, U Yong Su, allegedly used Chinese nationals as banking proxies to disguise the origins of funds earned by DPRK IT workers abroad.

Tuesday’s actions extend to Ryujong Credit Bank, accused of facilitating international transfers for North Korean entities involved in sanctions evasion and crypto laundering.

OFAC said the designations reinforce U.S. efforts to “cut off illicit revenue streams” fueling North Korea’s weapons programs and cyber operations that threaten the global digital economy.