- The DOJ is moving to seize more than US$15 million (AU$22.95 million) in USDT linked to North Korea’s APT38 hacking unit, following FBI seizures earlier this year.
- Five individuals have pleaded guilty to enabling North Korean IT workers to infiltrate U.S. companies using stolen identities and remote-hosted corporate laptops.
- Authorities say more than 136 companies were affected, over US$2.2 million (AU$3.37 million) flowed to the DPRK, and additional tracing of stolen crypto from major 2023 hacks continues.
The US Department of Justice has taken steps to secure the forfeiture of more than US$15 million (AU$22.95 million) in USDT stolen during a string of heists attributed to North Korea’s APT38 hacking group. These assets were seized by the FBI in March 2025 and are now the focus of two civil complaints filed in the District of Columbia, which seek legal authority to retain the funds and allocate them back to victims once proceedings conclude.
Hostile nation-states raising funds for illicit programs by stealing from digital asset exchanges threatens both [our national and economic security]. The Criminal Division is steadfast in its determination to forfeit ill-gotten gains from bad actors and return funds to victims.
The USDT is tied to four 2023 attacks on virtual currency platforms located in Estonia, Panama and Seychelles, where APT38 operators allegedly extracted tens of millions of dollars from payment processors and exchanges. Authorities noted that investigative work remains active, as APT38 continues attempting to move additional stolen funds across crypto bridges, exchanges and OTC channels.
Further Findings from Investigators
In parallel with the forfeiture action, the DOJ revealed that five individuals have pleaded guilty to helping North Korean IT workers gain fraudulent access to American companies. The group included four US nationals – Audricus Phagnasay, Jason Salazar, Alexander Paul Travis and Erick Ntekereze Prince – who admitted supplying their identities and hosting employer laptops for remote operation by North Korean workers.
These arrangements enabled the workers to bypass location checks and appear to be completing their duties from inside the US. Ukrainian national Oleksandr Didenko separately confessed to stealing US citizens’ identities and selling them to North Korean IT operatives, facilitating their fraudulent hiring at 40 American firms.
The combined schemes touched more than 136 companies, generated upwards of US$2.2 million (AU$3.37 million) for the DPRK and exposed the identities of over 18 US citizens.
US officials have repeatedly warned that North Korea relies heavily on both remote IT worker networks and crypto theft to fund state priorities, with earlier advisories noting that individual IT contractors can earn as much as US$300,000 (AU$459,000) annually for DPRK-linked organisations.
Blockchain analysts have also estimated that more than US$2 billion (AU$3.06 billion) in crypto has been stolen by North Korean actors in 2025 to date, highlighting the scale of the operation.
The post DOJ Moves to Seize US$15M in Stolen USDT as North Korean Crypto Hackers Face Crackdown appeared first on Crypto News Australia.




