The US Treasury isn’t pulling any punches. They just hit a North Korean man, Song Kum Hyok, with serious sanctions. He’s accused of helping North Korea’s government sneak IT workers into companies worldwide. These workers then funnel money back to Pyongyang, often by exploiting the very companies they work for.
The Office of Foreign Assets Control, or OFAC, added Song to its special watchlist on Tuesday. This move instantly blocks him from the global financial system. According to a report by CoinDesk, Song reportedly helped place North Korean IT staff into foreign businesses. Their goal was to send money home. Sometimes, they even used their inside access to steal from the platforms.
These hidden employees, the Treasury says, often use fake documents. They get jobs in tech and crypto companies. They work on software projects and development. But while doing so, they use their special access to swipe money or private information.
A Clever Infiltration Plan
The Treasury points out that North Korea has turned remote work into a way to fund its government. The official statement says North Korea “earns big money by tricking global companies into hiring their IT workers.” This happens a lot in tech and cryptocurrency fields.
The Treasury’s announcement didn’t name specific cases or list any crypto wallet addresses. But it did remind everyone about the Lazarus Group. This group has been linked to many attacks. These include stealing $625 million from Axie Infinity. They also hit Bybit for $1.5 billion this year.
Crypto as a Money Funnel
The Treasury warned that these North Korean workers use crypto exchanges. They move payments from their freelance jobs. They hide where the money came from. Then, they send it to the North Korean government.
Ari Redbord, who leads global policy at TRM Labs, gave a stern warning. He said these workers are not just simple remote staff. “They act as entry points for illegal money schemes,” he explained. “They are also ways for hackers to get inside systems, especially in the crypto world.”
Redbord also noted something new. This time, the Treasury specifically said that North Korean operatives are working from China and Russia. He believes this shows a “growing bond” between North Korea and those countries.
A Clear Pattern
Sanctioning Song is part of a bigger trend. In recent weeks, the Treasury has ramped up its efforts. They are targeting North Korea’s ways of getting money.
“Song is like the gear that makes the machine work,” Redbord said. “He’s not the hacker, but he makes it possible.” Redbord added that the Treasury is now focusing more on breaking up these networks. They are going after the people who allow these schemes to run, not just those who carry out the attacks.
This case highlights how North Korea keeps finding new ways to fight economic wars online. It’s a wake-up call for tech and crypto companies around the world. They need to check people’s backgrounds much more carefully. And they must boost their cybersecurity.