One of the most elaborate cryptocurrency scams has been revealed, masterminded by operatives from North Korea, after a series of coordinated arrests in 16 different states. As detailed here, the scheme included the theft of almost $1 million worth of cryptocurrency from an Atlanta-based blockchain startup. The U.S. Government has charged four men for their involvement in the complex scheme.

The four techies, whose true identities were hidden from the company, pretended to be offshore IT developers to get into the company. By leveraging the administrations of these false and stolen identities, they were able to avoid detection of their North Korean citizenship and infiltrate sensitive and key systems. In total, the stolen funds came to nearly $1 million, and they were subsequently laundered through complex methods to conceal their origin.

As one of the agents, Kim was able to take advantage of vulnerabilities in the source code of smart contracts to make off with $740,000. Those funds were later laundered through mixers, a process which obscures the trail of the crypto entirely. Following the laundering, the money was sent to exchange accounts owned by Kang and Chang. Most of these accounts were opened with fake Malaysian identification cards.

Prosecutor’s investigations uncovered that the North Korean agents had first set up shop in the United Arab Emirates in 2019. They followed this up by smartly targeting job opportunities at high-growth potential companies in the cryptocurrency and blockchain industry. After graduating, between late 2020 and mid-2021, Kim was able to get hired by a blockchain startup in Atlanta. In actuality, Jong landed a gig with a virtual token startup in Serbia. In order to gain access to the positions, Kim and Jong filed fraudulent application materials with their stolen and fake identification.

Jong diverted about $175,000 in crypto in February 2022. This theft opened the door for law enforcement to see the magnitude of the group’s illegal operation.

In reaction to these findings, federal agents launched a series of coordinated raids spanning 16 states. The raids most effectively targeted nearly 30 financial accounts and shut down over 20 fraudulent websites. They rescued nearly 200 computers from improvised “laptop farms.” This unified approach highlights the U.S. government’s determination to fight crimes conducted through cryptocurrency and ensure these criminals face justice.