US Department of Justice Seeks to Seize $15 Million in USDT Linked to North Korean Hackers
The US Department of Justice has announced its intention to seize over $15 million worth of USDT, a cryptocurrency, linked to North Korean hackers. This move is part of a broader effort to curb Pyongyang’s growing reliance on crypto theft and illegal IT work to fund its sanctioned programs. The lawsuit includes two civil forfeiture claims related to $15.1 million worth of Tether stolen during a series of attacks in 2023 attributed to North Korea’s Advanced Persistent Threat 38 (APT38), a state-backed hacking unit known for targeting global crypto firms.
FBI Seeks to Forfeit Seized USDT Linked to Crypto Hacks in 2023
Federal investigators traced the digital assets to funds stolen from four virtual currency platforms in 2023. The FBI initially seized the USDT in March 2025 and is now seeking court approval to permanently retain the assets so they can be returned to victims. The DOJ has not identified the specific platforms hacked, although its timeline closely matches several major incidents this year, including the $100 million Poloniex breach in November 2023, the $37 million CoinsPaid hack in July, the Alphapo payment attack, which the DOJ estimates at about $100 million, and another theft of about $138 million from a Panama-based company stock market in November 2023.
North Korean Hackers’ Methods and Schemes
According to the announcement, North Korean agents continued to launder stolen funds through a patchwork of mixers, cross-chain bridges, crypto exchanges, and OTC brokers. “Efforts to locate, seize, and forfeit related stolen virtual currencies continue as APT38 actors continue to launder such funds,” the DOJ said. The enforcement push does not stop at the hackers. The Justice Department also said it had secured guilty pleas from five people who helped North Korea infiltrate U.S. companies through fraudulent IT remote work, a scheme that has become a key source of revenue for Pyongyang.
Guilty Pleas and Consequences
Four U.S. citizens, including Audricus Phagnasay, 24, Jason Salazar, 30, Alexander Paul Travis, 34, and Erick Ntekereze Prince, 38, admitted to conspiring to commit wire fraud after revealing their identities to North Korean IT employees and allowing company-issued laptops to be operated from home. In a separate plea, Ukrainian citizen Oleksandr Didenko admitted to conspiracy to commit wire fraud and aggravated identity theft. He stole the identities of U.S. citizens, sold them to North Korean IT workers, and helped them secure jobs at 40 companies. Didenko agreed to forfeit more than $1.4 million.
In total, the schemes affected 136 U.S. companies, netted the North Korean government more than $2.2 million, and compromised the identities of over 18 Americans. Officials have repeatedly warned that North Korean IT workers can earn up to $300,000 a year and in total funnel hundreds of millions of dollars into programs overseen by the regime’s defense ministry. According to blockchain analytics firm Elliptic, North Korea’s crypto theft operations have surged in 2025, with hackers stealing more than $2 billion so far this year.
For more information, visit the source link: https://cryptonews.com/news/us-doj-seeks-to-seize-15m-in-usdt-tied-to-north-korean-hackers/
