TL;DR
- US sanctions six individuals and two entities for North Korean IT schemes.
- Facilitator Nguyen Quang Viet converted $2.5 million into cryptocurrency for North Koreans.
- DPRK-linked hackers stole over $2.17 billion in crypto during 2025.
The US Department of the Treasury sanctioned six individuals and two entities for facilitating North Korean IT worker schemes that generated nearly $800 million in 2024 to fund the regime’s weapons of mass destruction programs.
The Office of Foreign Assets Control (OFAC) identified the targets operating in Vietnam, Laos, Spain, and North Korea. All of them participated in fraudulent remote employment networks inside US companies and in the subsequent laundering of funds through cryptocurrency.
How the Crypto Laundering Network Operated
One of the most documented cases involves Nguyen Quang Viet, CEO of Vietnamese firm Quangvietdnbg International Services Company. Between mid-2023 and mid-2025, Nguyen converted approximately $2.5 million into cryptocurrency for North Korean nationals, including funds generated by IT workers linked to the sanctioned entity Amnokgang Technology Development Company.
Another designated individual, Hoang Van Nguyen, helped previously sanctioned DPRK nuclear procurement facilitator Kim Se Un open bank accounts and execute crypto transactions. In 2022, he also coordinated a counterfeit cigarette deal worth more than $200,000 on Kim’s behalf.
Yun Song Guk, a North Korean national who led a group of IT workers operating out of Boten, Laos, since at least 2023, received his designation alongside two Ethereum addresses. Hoang Minh Quang, who coordinated more than $70,000 in financial transactions with Yun, was linked to one bitcoin address on the OFAC list.
The sanctions also covered multiple crypto addresses across several blockchain networks:
- Amnokgang Technology Development Company: three Ethereum addresses and four TRON addresses
- Yun Song Guk: two Ethereum addresses
- Hoang Minh Quang: one bitcoin address
All property and interests of the designated individuals inside US territory are immediately blocked. Violations of the sanctions carry potential civil or criminal penalties.
North Korea Broke Crypto Theft Records in 2025
The sanctions arrive against a backdrop of unprecedented escalation in North Korean cyber operations. According to blockchain analytics firm Chainalysis, DPRK-linked hackers stole more than $2.17 billion in cryptocurrency in just the first half of 2025, surpassing the total stolen throughout all of 2024.
The largest single incident was the breach of exchange Bybit on February 21, 2025, where attackers siphoned nearly $1.5 billion in Ethereum in one operation.
The pattern is clear: North Korea plants IT workers inside Western companies to generate revenue, converts those funds into cryptocurrency through local intermediaries, and channels the proceeds into its weapons programs. The sanctions announced this week target the most vulnerable point in the chain ā the human facilitators who turn illicit earnings into digital assets.
