The US Treasury has imposed new sanctions about a group of North Korean bankers and institutions accused of laundering millions in cryptocurrencies linked to cyberattacks and illicit IT schemes that help finance Pyongyang’s weapons programs.
The Office of Foreign Assets Control (OFAC) said on Tuesday that eight individuals and two entities were designated for “laundering funds derived from cybercrimes and information technology worker fraud,” including proceeds linked to ransomware and cryptocurrency thefts.
“North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” Treasury Under Secretary for Terrorism and Financial Intelligence John K. Hurley said in a news release.
Last month, blockchain analytics firm Elliptic reported that North Korean hackers had stolen more than $2 billion in cryptocurrency by 2025, underscoring the regime’s growing reliance on digital assets.
According to the Treasury, hackers linked to the DPRK use advanced malware, phishing campaigns and social engineering to breach companies and cryptocurrency exchanges. Recent CoinDesk research also found that North Korean hackers are increasingly leveraging artificial intelligence to automate and scale their attacks.
The sanctioned network allegedly relied on cryptocurrency transactions and shell companies to conceal the flow of illicit funds. Two North Korean bankers, Jang Kuk Chol and Ho Jong Son, managed at least $5.3 million in cryptocurrencies linked to the OFAC-designated First Credit Bank, funds linked to a ransomware group that previously targeted American victims and laundered profits from DPRK IT workers abroad.
OFAC said both men were designated under multiple executive orders for supporting cyber activities and commercial operations that generate revenue for the North Korean government.
The Treasury also targeted the Korea Mangyongdae Computer Technology Company (KMCTC), which operates IT worker branches in Shenyang and Dandong, China. The KMCTC and its chairman, U Yong Su, allegedly used Chinese nationals as bank representatives to disguise the origins of funds obtained by DPRK IT workers abroad.
Tuesday’s actions extend to Ryujong Credit Bank, accused of facilitating international transfers for North Korean entities involved in sanctions evasion and cryptocurrency laundering.
OFAC said the designations reinforce U.S. efforts to “cut off illicit revenue streams” that fuel North Korea’s weapons programs and cyber operations that threaten the global digital economy.
