In a sweeping federal crackdown, the U.S. Justice Department has unveiled two indictments exposing how North Korean operatives and American accomplices carried out a vast fraud scheme that siphoned millions from top U.S. companies — all to bankroll North Korea’s nuclear weapons ambitions secretly.
The plot, according to prosecutors, revolved around trained North Korean IT workers posing as U.S. citizens to land remote jobs at more than 100 companies, including Fortune 500 giants. Using stolen American identities and a network of U.S.-based “front companies” like Independent Lab, they duped employers into shipping laptops and paying wages, which conspirators like New Jersey’s Zhenxing “Danny” Wang funneled overseas. Wang and others ran so-called “laptop farms” from their homes, enabling North Korean workers to access corporate networks remotely.
Authorities allege the network raked in at least $5 million through this scheme alone. In a parallel operation, four North Korean nationals allegedly infiltrated U.S. crypto firms using fake IDs, then manipulated smart contracts to steal nearly $1 million in digital currency. The stolen crypto was laundered through Tornado Cash, a mixing service that obscures digital money trails, before being funneled back to North Korea’s regime.
The FBI says these North Korean IT worker scams generate up to $600 million yearly, funding weapons and missile programs. Alarmingly, the scheme compromised sensitive data at a California defense contractor, posing clear national security risks.
Officials warn companies hiring remote workers to stay vigilant. “North Korea exploits our trust to finance weapons that threaten global security,” said Assistant Attorney General John Eisenberg. The FBI pledged to hunt conspirators relentlessly — in the U.S. or abroad — who help North Korea slip through the cracks of the digital economy.