How US cracks down on North Korean crypto crime network

On August 27, 2025, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned a large fraud network that was found to be financing North Korea's (DPRK) weapons programs.
Analysts from Chainalysis tracked suspicious transactions, revealing that funds passed through several wallets and mixers before being cashed out. This mechanism allowed attackers to hide the origin of the assets and blur the trail, making them difficult to trace.
Analysis of the fraudulent scheme and its funding
The primary goal of the sanctioned network was to provide financial support for the DPRK's weapons programs, primarily through revenue from illicit activities.
The key figures in this case are a Russian citizen, Vitaliy Sergeyevich Andreyev, and a DPRK citizen, Kim Ung Sun. It is assumed that they were the main intermediaries who managed significant financial flows. They used complex schemes, including fraudulent identities and collaboration with various organizations such as Chinyong Information Technology Corporation (also known as Jinyong IT Cooperation Company), Shenyang Geumpungri Network Technology Co., Ltd., and Korea Sinjin Trading Corporation. These companies acted as front organizations that provided funding for the criminal activity.
For example, Chinyong IT and Shenyang Geumpungri hired and trained North Korean developers and sent them abroad to carry out criminal orders, while Korea Sinjin Trading Corporation was a financial shell company used to launder funds.
Most often, the DPRK sent IT specialists to the U.S. and Europe. They were provided with fake documents and references to take positions at strategic enterprises. As part of their official duties, they were engaged in stealing sensitive data and carrying out ransomware attacks.
The funds earned, most often in the form of cryptocurrency, were then transferred back to the DPRK.
According to Chainalysis, over $600,000 in cryptocurrency was processed through just one of Andreyev's addresses, which is a small part of the total volume. These funds were likely obtained through phishing campaigns, data theft, and ransomware attacks carried out by North Korean hackers located outside the country.
Tracking transactions and global cooperation
The investigation that led to the OFAC sanctions would not have succeeded without in-depth analysis of the blockchain. Studying decentralized networks allows law enforcement agencies and private companies, such as Chainalysis, to track and understand the entire chain of fund movements used to finance North Korean missile programs, Iran, and other authoritarian states.
Every transaction, although it may seem anonymous at first glance, leaves an immutable digital trail in the public transaction ledger. This allows analysts to link individual wallet addresses to specific individuals and legal entities. In this case, analysts were able to identify addresses associated with the sanctioned individuals and demonstrate how the funds obtained from criminal activity were ultimately returned to the DPRK.
This case highlights the growing importance of cooperation between government and private entities. OFAC's efforts to identify and sanction the fraudulent network were greatly facilitated by access to data and analytical capabilities provided by Chainalysis. This partnership allowed for a rapid response to illegal activities, not only by identifying those responsible but also by disrupting their financial operations.
The transparency of blockchain, combined with advanced analytical tools, once again demonstrates that cryptocurrencies can be traced to combat international crime, sending a serious warning to those who try to use crypto for illegal purposes.