Precise Targeting
On July 9, the US Treasury Department swiftly sanctioned North Korean citizen Song Kum Hyok, accusing him of forging a US citizen identity and infiltrating North Korean IT personnel into European and American tech companies as 'undercover agents', targeting cryptocurrency and blockchain enterprises.
Industry Black Chain
Fake Identity Production Line: Microsoft just shut down 3,000 forged Outlook accounts from North Korea, uncovering AI face-swapping documents, voice forgery tools, and even a 'professional resume template library'.
New Money Laundering Method: Salaries settled in USDT/USDC, then bought NFTs, transferred on-chain (cross-chain transfer), and laundered through mixers, ultimately flowing into North Korea's missile development accounts.
Global Encirclement
Within half a year, the United States strikes hard twice:
June froze $7.74 million: Seized encrypted assets from North Korean IT workers employed at blockchain companies, including BTC, stablecoins, and even ENS domains.
Transnational Blood Drain: China, Russia, and Laos have become gathering places for North Korean IT workers, with a company in Liaoning sanctioned for providing equipment.
Personal Opinion: This is not ordinary sanctions, but a dimensional reduction strike in the 'on-chain war'. North Korea exploits Web3 vulnerabilities, while the US uses blockchain tracing to cut off the black hands.
In-depth Analysis: The deadly evolution of North Korea's 'IT infiltration bureau'.
Tactical Upgrade: From hacker assaults to 'workplace infiltration'
Traditional Script: The Lazarus Group directly hacks exchanges (e.g., stealing $1.5 billion from Bybit in February 2025).
Fake Identity Applications: North Korean IT workers use AI to forge documents and blend into European and American companies as remote developers, earning $300,000 a month in crypto salaries.
Insider Crime: Stealing code repositories and extorting cryptocurrency after being hired ('no coins, no data leak').
Case Study: A North Korean programmer impersonated a US citizen, joined a Serbian blockchain company, and implanted a backdoor, leading to the theft of $40 million from the Solana ecosystem DEX. The FBI traced the salary USDC to a Pyongyang missile account.
Business Model: A national-level 'crypto sweatshop'
90% Cut: Salaries of North Korean IT workers are forcibly confiscated by the government, leaving only 10% for personal retention.
Annual output value of hundreds of millions of dollars: supporting 75% of the country's ballistic missile research and development costs.
Absurd Reality: American tech companies pay the North Korean government to develop software that is being used to attack themselves!
On-chain Revelation: Three warning bells for the crypto community
Exchanges become 'disaster zones'
North Korean IT workers prefer positions in blockchain companies (accounting for a 60% penetration rate), using internal permissions to bypass risk controls → Beware of 'remote tech experts', background checks must be on-chain!
NFTs and ENS domains become new channels for money laundering
For the first time, the US asset seizure list includes NFTs and ENS domains, as their 'decentralized' properties easily evade regulation → The next round of regulatory focus may target NFT platforms!
Stablecoins become a loophole in sanctions
North Korea pays salaries in USDT/USDC, leveraging its cross-border immediacy → Centralized stablecoin issuers will be forced to strengthen address freezes!
Personal Insight: This cat-and-mouse game exposes the greatest paradox of Web3: we pursue 'anti-censorship', yet become the cash cow for dictators.
