US DOJ seeks to seize $15 million in USDT linked to North Korean hackers

The U.S. Justice Department is set to seize more than $15 million in USDT linked to North Korean hackers, part of a broader effort to disrupt Pyongyang’s growing reliance on cryptocurrency theft and illicit computer work to fund its sanctioned programs.

The action, announced Friday, includes two civil forfeiture complaints covering $15.1 million worth of Tether stolen in a series of attacks in 2023 attributed to North Korea’s Advanced Persistent Threat 38 (APT38), a state-backed hacking unit known for targeting global crypto companies.

FBI Seeks to Confiscate Seized USDT Linked to 2023 Crypto Hacks

Federal investigators traced digital assets to funds stolen from four virtual currency platforms in 2023.

The FBI initially seized USDT in March 2025 and is now seeking court approval to permanently confiscate the assets so they can be returned to victims.

The DOJ has not identified the specific platforms hacked, although its timeline closely matches several major incidents from that year, including the $100 million Poloniex breach in November 2023, the $37 million CoinsPaid hack in July, the Alphapo payments attack, which the DOJ estimates to be worth around $100 million, and another theft of around $138 million in November 2023 on a stock exchange based in Panama.

The DOJ has not confirmed which of these cases fall under forfeiture actions.

According to the announcement, North Korean agents continued to launder the stolen funds through a patchwork of mixers, cross-chain bridges, crypto exchanges, and OTC brokers.

“Efforts to trace, seize, and confiscate stolen virtual currency continue, as APT38 actors continue to launder these funds,” the DOJ said.

Enforcement efforts don’t stop with hackers. The Justice Department also revealed that it had obtained guilty pleas from five individuals who helped North Korea infiltrate U.S. companies through fraudulent remote computer work, a scheme that has become a central revenue source for Pyongyang.

Four U.S. citizens, including Audricus Phagnasay (24), Jason Salazar (30), Alexander Paul Travis (34), and Erick Ntekereze Prince (38), admitted to participating in a wire fraud conspiracy after providing their identities to North Korean IT workers and allowing company-issued laptops to be used from their homes.

The setup was designed to make it appear as if these workers were based in the United States, giving them access to American corporate networks.

Ukrainian pleads guilty to selling stolen US identities to North Korea

In another plea, Ukrainian national Oleksandr Didenko admitted conspiracy to commit wire fraud and aggravated identity theft.

He stole the identities of American citizens and sold them to North Korean IT workers, helping them obtain positions at 40 companies. Didenko agreed to forfeit more than $1.4 million.

In total, these schemes affected 136 U.S. companies, generated more than $2.2 million for the North Korean government, and compromised the identities of more than 18 Americans.

Officials have repeatedly warned that North Korean computer scientists can earn up to $300,000 a year, collectively pumping hundreds of millions of dollars into programs overseen by the regime’s Defense Ministry.

Crypto theft operations in North Korea have increased in 2025, with hackers stealing more than $2 billion so far this year, according to blockchain analytics firm Elliptic.

The post US DOJ seeks to seize $15 million in USDT linked to North Korean hackers appeared first on Cryptonews.

Source link