The U.S. Department of Justice (DOJ) has moved to forfeit more than $15 million in USDT stolen by North Korean hackers and secured guilty pleas from five people who helped Pyongyang infiltrate American companies with fake IT workers.
The DOJ filed two civil forfeiture complaints seeking to keep $15.1 million worth of Tether’s USDT stablecoin that was stolen by North Korean hackers in 2023, the department announced Friday.
The seized crypto was traced to Advanced Persistent Threat 38 (APT38), a North Korean military hacking group that carried out heists targeting four overseas virtual currency platforms in 2023. The FBI seized the funds in March 2025 and is now seeking court approval to forfeit the assets for return to the victims.
The seized crypto comes from four incidents that the announcement does not specify, but clues indicate the agency may be referring to the over $100 million Nov. 2023 hack of exchange Poloniex, the $37 million hack of crypto firm CoinsPaid in July 2023, the $60 million hack (which the DOJ pegs at about $100 million) of payments processor Alphapo that same month, and an unspecified “November 2023 theft of approximately $138 million from a Panama-based virtual currency exchange.” The DOJ has not publicly confirmed which incidents the forfeiture complaints cover.
“Efforts to trace, seize, and forfeit related stolen virtual currency remain ongoing, as the APT38 actors continue to launder such funds through various virtual currency bridges, mixers, exchanges, and over-the-counter traders,” the agency said in its statement.
U.S. citizens helped North Korean IT workers
On Friday, the DOJ also announced it had secured guilty pleas from four U.S. citizens and one Ukrainian national who admitted to helping North Korean IT workers fraudulently obtain employment at U.S. companies by providing stolen identities and hosting company laptops.
Four U.S. citizens — Audricus Phagnasay, 24, Jason Salazar, 30, Alexander Paul Travis, 34, and Erick Ntekereze Prince, 38 — pleaded guilty to wire fraud conspiracy for providing their identities to North Korean workers and hosting company-issued laptops at their homes to make it appear the workers were based in the United States.
Ukrainian national Oleksandr Didenko also pleaded guilty on Nov. 10 to wire fraud conspiracy and aggravated identity theft for stealing U.S. citizens’ identities and selling them to North Korean IT workers. Didenko helped North Koreans gain employment at 40 U.S. companies and agreed to forfeit more than $1.4 million as part of his plea deal.
The schemes affected more than 136 U.S. companies, generated more than $2.2 million in revenue for the North Korean regime, and compromised the identities of more than 18 U.S. citizens, the DOJ said.
North Korea has increasingly relied on both cryptocurrency theft and remote IT worker schemes to generate revenue in violation of international sanctions. A 2022 advisory from the FBI, Treasury, and State Department warned that North Korean IT workers can earn up to $300,000 annually, collectively funneling hundreds of millions of dollars into programs run by the country’s Ministry of Defense.
North Korean hackers have stolen more than $2 billion in cryptocurrency so far in 2025 alone, making the regime one of the most prolific crypto theft operations globally, per an Elliptic analysis.
© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Trade Crypto On Coinhub Exchange
Trade Crypto On Coinhub Exchange
Stay ahead of the market by turning news insights into trading opportunities. With Coinhub Exchange, you can seamlessly buy, sell, and manage your digital assets, all in one secure platform. Take advantage of real-time market insights, deep liquidity, and fast execution for your favorite cryptocurrencies. Don’t just read about it — trade crypto now!
Disclaimer
The content of this article shown by Coinhub News, powered by The Block, is for informational purposes only and should not be construed as financial, legal, tax, or investment advice. Coinhub News and its affiliates are not a licensed financial advisor, legal advisor, broker, or tax advisor, and ... should not be considered as professional advice or a recommendation to engage in any specific investment, legal decision, or financial transaction. Cryptocurrency markets are highly speculative and volatile. Readers should perform their own independent research and consult with a qualified professional before making any financial or legal decisions. The opinions expressed in this article are those of the author and do not necessarily represent the views or opinions of the Company of its affiliates. Additionally, the Company does not make any representations or warranties regarding the accuracy, timeliness, reliability, or completeness of any information in this article. By accessing this content, you acknowledge that any reliance on the information contained in this article is solely at your own risk. The Company is not responsible for any financial losses, legal disputes, or other damages that may arise from reliance on this content or from any investment or legal decisions based on the information provided. Investing in cryptocurrencies involves substantial risks, including the risk of losing your entire investment, and you should carefully consider whether it is appropriate for your circumstances.
Read more
