The US Treasury has imposed new sanctions on a group of North Korean bankers and institutions accused of laundering millions of dollars in cryptocurrency linked to cyberattacks and illicit IT projects that help finance Pyongyang’s weapons programs.
The Office of Foreign Assets Control (OFAC) said Tuesday that eight individuals and two entities have been designated for “laundering funds derived from cybercrime and information technology worker fraud,” including proceeds related to ransomware and crypto thefts.
“North Korean state-sponsored hackers are stealing and laundering money to finance the regime’s nuclear weapons program,” Treasury Undersecretary for Terrorism and Financial Intelligence John K. Hurley said in a press release.
Last month, blockchain analytics firm Elliptic reported that North Korean hackers stole more than $2 billion in cryptocurrency in 2025, highlighting the regime’s growing reliance on digital assets.
According to Treasury, DPRK-linked hackers are using advanced malware, phishing campaigns and social engineering to hack crypto companies and exchanges. A recent CoinDesk investigation also found that North Korean hackers are increasingly leveraging AI to automate and scale their attacks.
The sanctioned network allegedly relied on cryptocurrency transactions and front companies to conceal the flow of illicit funds. Two North Korean bankers, Jang Kuk Chol and Ho Jong Son, managed at least $5.3 million in crypto linked to OFAC-designated First Credit Bank, funds linked to a ransomware group that previously targeted U.S. victims and laundered the earnings of DPRK IT workers overseas.
OFAC said the two men were designated under several executive orders to support revenue-generating cyber activities and commercial operations for the North Korean government.
The Treasury also targeted the Korea Mangyongdae Computer Technology Company (KMCTC), which runs delegations of IT workers in Shenyang and Dandong in China. The KMCTC and its chairman, U Yong Su, allegedly used Chinese nationals as banking agents to conceal the origin of funds earned by DPRK IT workers abroad.
Tuesday’s actions extend to Ryujong Credit Bank, accused of facilitating international transfers for North Korean entities involved in sanctions evasion and cryptocurrency laundering.
OFAC said the designations strengthen U.S. efforts to “cut off illicit revenue streams” that fuel North Korea’s weapons programs and cyber operations that threaten the global digital economy.
