Crypto Heist & The DOJ’s US $15 Million Seizure: A Wake-Up Call for the Digital-Asset Thieves

in LeoFinance, 26 days ago


In a sign of escalating pressure on cryptocurrency cyber thieves, the United States Department of Justice is moving to seize more than US $15 million (AU $22.95 million) in Tether (USDT) that investigators say was stolen by the North Korean hacking unit known as APT38.

The funds allegedly form part of a multi-heist campaign in 2023 targeting virtual currency platforms in Estonia, Panama and the Seychelles.

The stolen USDT ties back to four separate 2023 attacks on crypto exchanges or payment processors in jurisdictions such as Estonia, Panama and the Seychelles, in which operators linked to APT38 allegedly extracted “tens of millions of dollars”.

The FBI reportedly seized the funds in March 2025 and the DOJ has since filed two civil complaints in the U.S. District Court for the District of Columbia seeking legal authority to retain these assets and eventually distribute them back to victims.



Five Arrested On U.S. Soil Working For North Korea

Five individuals have pleaded guilty to aiding North Korean IT workers to infiltrate U.S. companies. Four U.S. nationals (Audricus Phagnasay, Jason Salazar, Alexander Paul Travis and Erick Ntekereze Prince) admitted supplying their identities and provisioning corporate laptops so North Koreans could work remotely as though they were based in the U.S. A Ukrainian national, Oleksandr Didenko, confessed to stealing U.S. citizens’ identities and selling them to North Korean IT operators (enabling fraudulent hiring at 40 American firms).

According to the DOJ factsheet, the scheme impacted more than 136 companies, generated more than US $2.2 million (AU $3.37 million) flowing to the DPRK (North Korea) and exposed the identities of 18+ U.S. citizens. These revelations provide further insight into the growing sophistication of North Korea’s hybrid fraud and crypto theft model.

Uncle Sam To The Rescue

Nation-state crypto theft and sanctions evasion: APT38 is widely recognised as North Korea’s financial cyber arm and is allegedly tasked with raising hard currency for the regime via criminal activity.

The fact that the DOJ is seizing stablecoins (USDT) directly highlights that the stablecoin ecosystem is now firmly in the crosshairs of state-sponsored asset theft.

Remote work fraud and crypto laundering: the recent rise of identity and laptop farming schemes combines traditional corporate infiltration (via remote work, stolen identities, fake front companies) with crypto payment flows (stablecoins, token swaps, bridges). The June 2025 DOJ press release noted that North Korean IT workers gained employment with U.S. companies, received salaries often in stablecoins, then laundered the earnings.

The United States continues to lead asset recovery and victim restitution, with the civil forfeiture complaints designed not just to punish but to forfeit the illicit gains and return them to victims. As Acting Assistant Attorney General Matthew R. Galeotti put it: “The Department is steadfast in its determination to forfeit ill gotten gains from bad actors and return funds to victims.”

Growing enforcement footprint in crypto: While the US $15 million figure isn’t a small amount, this seizure sits alongside much larger-scale actions, for example the DOJ’s June 2025 filing to seize US $225.3 million in USDT tied to global “confidence fraud” or “pig butchering” schemes.

Remote work and identity theft carry a new risk: the model of hiring remote IT workers from high-risk jurisdictions, using stolen or fake identities, paying them in crypto or stablecoins, then laundering the proceeds is new, and governments will need to ensure employment legislation covers this.

Image sources provided, supplemented by Canva Pro Subscription. This is not financial advice and readers are advised to undertake their own research or seek professional financial services.


I think the following is interesting: the DOJ has filed two civil complaints in the District of Columbia District Court seeking legal authority to withhold these assets and later return them to the victims. This indicates greater attention to the crypto world and also a certain internationalization. I believe this also signals the United States' belief in the cryptocurrency market and wants to demonstrate that it is doing something to secure it. The DOJ is increasingly active. It's interesting to see how quickly the crypto space is becoming the subject not only of normal financial controls but also of intelligence operations. !BBH

It is good to see them finally realise that it is a financial risk and are targeting the sector