OFAC sanctioned six individuals and two entities tied to North Korea’s $800M crypto-funded IT worker fraud scheme supporting DPRK weapons programs in March 2026.
The U.S. Treasury moved fast. March 12, 2026. Six individuals. Two entities. All sanctioned.
The Office of Foreign Assets Control, better known as OFAC, tied each name to North Korean IT worker fraud schemes. Nearly $800 million was generated in 2024 alone, the Chainalysis team confirmed. Every dollar is funneled toward DPRK weapons programs.
Must Read: US Sanctions Network Linked to $800M North Korean Crypto Scheme
Workers hid behind stolen identities. Fake documentation. Fabricated profiles. They landed jobs at real companies, including U.S. firms. Pyongyang then took most of what they earned.
The Vietnam Connection Nobody Saw Coming
Nguyen Quang Viet ran currency conversions out of Vietnam. His company, Quangvietdnbg International Services Company Limited, handled the dirty work. Between mid-2023 and mid-2025, Nguyen converted roughly $2.5 million into crypto. OFAC said so directly.
Those funds tied back to Amnokgang Technology Development Company. A DPRK firm. Been around since 1982. It manages overseas IT worker delegations and other procurement activities.
Seven Amnokgang addresses got designated today. Spread across Ethereum and Tron. Chainalysis labeled all of them immediately inside its product suite.
You Might Also Like: OFAC Sanctions Crypto Scam Rings in Myanmar and Cambodia
Yun Song Guk led a separate cell. North Korean IT workers, operating out of Boten, Laos. At least since 2023. Two Ethereum addresses linked to Yun, both now designated.
Hoang Minh Quang handled transactions with Yun. Over $70,000 total. Connected to IT services payments. One Bitcoin address is designated on his end.
Wallets Across Three Blockchains
Twenty-one cryptocurrency addresses got designated in this single action. Ethereum. Tron. Bitcoin. That multi-chain spread is deliberate, Chainalysis noted. DPRK operatives use it to obscure movement.
Reactor graph data told another story. Amnokgang addresses received downstream funds from a suspected North Korean hack. The operation runs deeper than IT fraud alone.
Previously designated Sim Hyon Sop also got updated. China-based. A representative for Korea Kwangson Banking Corp. Eleven new cryptocurrency addresses added to his record across the Ethereum and Tron networks.
You Might Also Like: South Korea Targets North Korean Hackers With Sanctions
The IT worker angle is only part of it. These workers also planted malware inside company networks. Extracted proprietary data. Then, they used that data to extort businesses for additional payments. Chainalysis documented the pattern across multiple incidents.
North Korea’s broader crypto activity stretches further back. The Lazarus Group ran some of the largest heists on record. Ransomware attacks. State-backed theft at scale. All are feeding the same weapons budget.
Southeast Asia Is the Hotspot
Enhanced due diligence is now critical. Especially for crypto services operating across Vietnam, Laos, and neighboring countries. OFAC flagged that directly. Chainalysis echoed it.
Compliant exchanges, hosted wallets, DeFi services, cross-chain bridges. The sanctioned networks touched all of them. No single platform or chain was off-limits to DPRK operatives.
The FBI’s January 2025 Public Service Announcement outlines the red flags. The May 2022 joint IT Worker Advisory from State, Treasury, and Justice does the same. Crypto businesses are expected to screen against both.
Twenty-one addresses. Six individuals. One pattern. North Korea has been pulling this off for years.
