Arizona influencer assists North Korean infiltration, operates 'laptop farm' to deceive 300 U.S. companies.
The U.S. Department of Justice announced last Thursday (7/24) that Arizona TikTok influencer Christina Marie Chapman was sentenced to 8.5 years in federal prison for assisting North Korean agents in infiltrating U.S. cryptocurrency and tech companies using stolen identities and forged documents. The U.S. Attorney's Office for the District of Columbia stated that Chapman was found guilty of conspiracy to commit wire fraud, aggravated identity theft, and conspiracy to commit money laundering.
The prosecutor pointed out that Chapman collaborated with North Korean (DPRK) agents to help them obtain remote IT positions at over 300 U.S. companies. These North Korean workers disguised themselves as American citizens and residents, and the entire scheme generated over $17 million in illegal income. Chapman pleaded guilty on February 11 of this year and, in addition to imprisonment, was ordered to undergo 3 years of supervised release, forfeit over $284,000 in related funds, and pay nearly $177,000 in restitution.
This freelancer and influencer, who has over 100,000 TikTok followers, was initially contacted by North Korean agents through LinkedIn. Around 2020, she operated a 'laptop farm' from her home, hosting computer equipment sent by companies so that IT workers could access it remotely while appearing to work within the United States. Authorities stated that she also shipped 49 devices to overseas locations, including multiple packages sent to Chinese cities near North Korea, and law enforcement seized over 90 laptops from her home.
Source: U.S. Department of Justice Christina Marie Chapman operating a 'laptop farm' from her home.
Identity theft fraud in the tax system, involving amounts that set records for the Department of Justice.
This case is one of the largest North Korean IT worker schemes prosecuted by the U.S. Department of Justice, involving the theft of identities of 68 Americans, defrauding 309 U.S. companies and 2 international companies. Using stolen or borrowed identities, North Korean agents garnered millions of dollars, with salaries disbursed via direct deposits or forged payroll checks. Chapman assisted in laundering the money through her accounts and then transferring the funds overseas, falsely reporting these earnings to the IRS and Social Security Administration under the names of real U.S. citizens.
Over several years, she assisted North Korean workers in obtaining positions at over 300 U.S. companies, including Fortune 500 companies, major television networks, aerospace manufacturers, and Silicon Valley tech firms. Three North Koreans charged alongside Chapman are currently still at large.
FBI Assistant Director for Counterintelligence Roman Rozhavsky stated in a statement: 'The North Korean regime has raised millions of dollars for its nuclear program by harming American citizens, businesses, and financial institutions. Even a seasoned adversary like the North Korean government cannot succeed without the cooperation of an American citizen willing to assist, like Christina Chapman.'
According to Chainalysis data, North Korean-linked hackers stole $1.34 billion in cryptocurrency in 2024, a 21% increase from the previous year. Cryptocurrency platforms have become frequent targets because embedded workers are the regime's way of discovering security vulnerabilities and attacking corporate crypto wallets.
North Korea's infiltration methods are becoming increasingly sophisticated, posing legal risk challenges for businesses.
North Korean agents employ various deception techniques to cover their origins, including using VPNs, impersonating individuals from other countries, and hiring others to conduct initial job interviews. Fraser Edwards, CEO of the UK company Cheqd, noted that the company has experienced several infiltration attempts and observed several warning signs pointing to North Korean involvement.
'Our CTO reviewed some interview test recordings, and when this apparent European candidate switched between windows, Korean characters appeared there. Another warning sign is that the IP addresses are always routed through proxy servers; they deliberately attempt to hide their identities.'
Edwards and others stated that North Koreans now use European actors to handle early interviews or screening calls, making detection more difficult. Even when discovered, they usually quickly switch to new false identities or positions. Some legal experts warn that companies hiring fraudulent workers may be liable under U.S. sanctions law, even if they are unaware of the workers' true identities.
Aaron Brogan, a U.S. lawyer focused on cryptocurrency, stated that the U.S. sanctions system is 'quite broad and implements a strict liability regime,' meaning anyone participating in sanction activities, regardless of knowledge, is technically liable.
Niko Demchuk, legal chief of cryptocurrency compliance company AMLBot, also pointed out that payments to North Korean developers 'typically violate U.S. Treasury Department's Office of Foreign Assets Control (OFAC) regulations,' and companies involved in such activities face risks of civil penalties, criminal fines, reputational damage, secondary sanctions, and violations of banking or export controls.
'North Korean hackers use fake identities to infiltrate U.S. companies! TikTok influencer becomes an accomplice, sentenced to 8.5 years' was first published in 'Crypto City.'