
North Korean Hackers Linked to Poloniex, CoinsPaid Thefts

Why Is the DOJ Targeting North Korea’s USDT Laundering Network?

The U.S. Department of Justice has moved to formally forfeit more than 15.1 million dollars in Tether’s USDT stablecoin seized from North Korean hackers linked to the APT38 military cyber unit. The funds were recovered earlier this year after the FBI traced stolen assets across several 2023 platform and payment-platform hacks.

The DOJ filed two civil forfeiture complaints seeking court approval to keep the seized assets and ultimately return them to victims. According to investigators, the stolen USDT was tied to APT38 operations targeting four overseas virtual currency platforms during 2023. The FBI seized the funds in March 2025 after tracking laundering flows that moved across mixers, bridges, OTC brokers, and foreign platforms.

Although the DOJ did not name the hacked platforms in its Friday announcement, the timing and amounts point toward several high-profile incidents: the more than 100 million dollar Poloniex breach in November 2023, the 37 million dollar hack of CoinsPaid in July 2023, the roughly 100 million dollars taken from Alphapo that same month, and an unconfirmed 138 million dollar theft from a Panama-based platform in late 2023.

In its statement, the DOJ said that efforts to trace and seize additional virtual currency from APT38 operations remain ongoing as hackers continue attempting to launder funds through cross-chain tools.

Investor Takeaway

Stablecoin seizure capabilities are expanding. Large USDT movements linked to hacks or mixers are now more likely to be intercepted, adding new scrutiny to liquidity hubs, OTC venues, and cross-chain bridges.

How Did North Korean IT Workers Infiltrate U.S. Companies?

Alongside the forfeiture action, the DOJ announced guilty pleas from five individuals who helped North Korean operatives fraudulently obtain remote employment at U.S. businesses. The schemes supported Pyongyang’s ongoing effort to place disguised IT workers inside American companies to generate revenue for sanctioned government agencies.

Four U.S. citizens — Audricus Phagnasay, 24; Jason Salazar, 30; Alexander Paul Travis, 34; and Erick Ntekereze Prince, 38 — pleaded guilty to wire fraud conspiracy. They admitted they allowed North Korean workers to use their identities and hosted company-issued laptops in their homes. This made it appear that the workers were physically inside the United States, enabling access to sensitive corporate systems.

Ukrainian national Oleksandr Didenko also pleaded guilty to wire fraud conspiracy and aggravated identity theft. According to the DOJ, he stole U.S. identities and sold them to North Korean IT workers, helping them secure positions at 40 American employers. As part of his plea, he agreed to forfeit more than 1.4 million dollars.

In total, the infiltration efforts impacted more than 136 U.S. companies, generated over 2.2 million dollars in revenue for the North Korean regime, and compromised the identities of more than 18 Americans.

A joint advisory from U.S. agencies previously warned that North Korean IT workers can earn up to 300,000 dollars per year, collectively funneling hundreds of millions into programs controlled by the country’s Ministry of Defense.

What Does This Mean for Crypto Markets and Stablecoin Risk?

North Korea’s hacking and laundering operations continue to pose systemic risk across global crypto markets. Elliptic estimates that DPRK-linked groups have stolen more than 2 billion dollars in cryptocurrency in 2025 alone, making Pyongyang one of the most aggressive state-sponsored crypto-theft operations in the world.

The new USDT forfeiture action highlights several developing trends:

  1. Stablecoins remain a prime laundering target.
    APT38 and related groups increasingly use USDT because of its liquidity across offshore platforms, OTC desks, and cross-chain bridges.
  2. Law enforcement is becoming more effective at intercepting funds.
    Seizures are rising as U.S. authorities improve tracing tools for USDT and other dollar-pegged assets.
  3. Cross-chain infrastructure is under a microscope.
    Mixers, bridges, and thin-KYC OTC markets are now critical pressure points for regulators.

How Could Future U.S. Policy Shape Crypto Crime Enforcement?

The forfeiture push comes as U.S. officials expand joint operations targeting large-scale crypto crime networks. The recent creation of the Scam Center Strike Force, which focuses on Southeast Asian pig-butchering hubs, signals that federal agencies are moving toward a more aggressive, coordinated model.

If these trends continue, future U.S. policy could shape the crypto landscape in several ways:

– More rapid wallet blacklisting across U.S. platforms and stablecoin issuers.
– Increased pressure on bridges and cross-chain protocols to implement compliance screening.
– Heightened scrutiny of remote-worker onboarding at tech-driven firms.
– Stronger expectations for platforms to detect DPRK-linked laundering patterns.

For markets, the message is clear: enforcement is accelerating in scope and sophistication, and stablecoins sit at the center of the response.

 
