North Korean Hackers Laundered Millions in Crypto Using AI and Fake Resumes

Hackers from North Korea used AI, fake resumes, and crypto tactics to launder $7.74M while posing as remote workers.

Fridah Kangai
June 7, 2025
3:30 pm

Fridah Kangai

Fridah Kangai is a dedicated crypto journalist with a sharp eye for market trends, blockchain innovation, and digital asset movements. She specializes in breaking down complex topics into clear, engaging stories for both seasoned investors and curious newcomers. With a passion for decentralization and a pulse on the ever-evolving crypto space, Fridah delivers timely, accurate, and insightful coverage. Her work bridges the gap between technology and everyday understanding in the world of cryptocurrency.

North Korean hackers used AI to create fake resumes and secure remote jobs at U.S. companies.
Laundered crypto payments were split, mixed, and disguised through NFTs and token conversions.
DOJ links the operation to sanctioned individuals aiding North Korea’s weapons financing efforts.

North Korean hackers pretending to be remote IT workers have cleaned over $7.74 million in cryptocurrencies with help from fictitious resumes and advanced AI. A civil forfeiture complaint filed by the DoJ in the District of Columbia revealed this information.

Employees used unlawful documents to pass security and land employment both in American companies and abroad. With these roles, they were able to take home stablecoins linked to the U.S. dollar and use them in complicated crypto channels.

Apparently, they pretended to have work histories and resumes by using ChatGPT and similar AI services. By doing so, they obtained contracts and freelance work without revealing who they were. OpenAI has confirmed that it has recently banned accounts tied to North Korea found to have hosted certain activities.

Department Files Civil Forfeiture Complaint Against Over $7.74M Laundered on Behalf of the North Korean Government

🔗: https://t.co/T6nh2ETMYY pic.twitter.com/o23HY6C6Zw
— U.S. Department of Justice (@TheJusticeDept) June 5, 2025

They made their task look real by setting up “laptop farms” in both Russia and Laos. Adopting this process was meant to create a video game-like experience that hindered employers and platforms from seeing actual user activity.

AI and Crypto Tricks Behind the Deception

The Justice Department stated that once the ransom was received, the operatives concealed the funds using advanced cryptocurrency techniques. To avoid detection, they disguised transactions by mixing digital assets, converting tokens, and using NFTs as part of their strategy.

Funds were often transferred in small amounts across multiple wallets to reduce the chances of being tracked by enforcement agencies. Authorities confirmed that the scheme involved sanctioned individuals, including Sim Hyon Sop of the Foreign Trade Bank in North Korea.

Kim Sang Man of Chinyong IT Cooperation Company was also identified as a participant in the illicit crypto operations. Both individuals had previously been listed on U.S. sanctions in 2020 for their roles in financial crimes linked to North Korea.

This is part of the DOJ’s DPRK RevGen operation, which was established to counter North Korea’s increasing use of digital ways to earn money. The focus of the measures is on stopping cyber-attacks that provide funds for the banned weapons program.

Jeanine Pirro, the U.S. Attorney, noted that sanctions are essential and declared that anyone helping North Korea to circumvent financial programs around the globe will be targeted. She stated that the department would carry out actions against people who supported illegal activities.

It demonstrates that North Korea uses fake names, cryptocurrencies, and AI to escape international sanctions. They are doing all they can to block these schemes and stop them from supporting additional weapons-related activities.

Also Read: Robert Kiyosaki Predicts 2025 Crash After Shocking US Credit Downgrade