The US Department of Justice is moving to seize more than $15 million in USDT linked to North Korean hackers, part of a broader effort to disrupt Pyongyang’s growing dependence on crypto theft and illicit IT work to fund its sanctioned programs.
Key Takeaways:
The DOJ is seeking to seize over $15 million in USDT tied to North Korean hacking group APT38.
The funds were traced to four major 2023 crypto platform breaches and were first seized by the FBI in March 2025.
Five individuals in the US also pleaded guilty to aiding North Korean IT workers in infiltrating American companies.
The action, announced Friday, includes two civil forfeiture complaints covering $15.1 million in Tether stolen during a series of 2023 attacks attributed to North Korea’s Advanced Persistent Threat 38 (APT38), a state-backed hacking unit known for targeting global crypto firms.
FBI Seeks to Forfeit Seized USDT Tied to 2023 Crypto Hacks
Federal investigators traced the digital assets to funds stolen from four virtual currency platforms in 2023.
The FBI initially seized the USDT in March 2025 and is now seeking court approval to permanently forfeit the assets so they can be returned to victims.
The DOJ did not identify the specific hacked platforms, though its timeline aligns closely with several major incidents that year, including the $100 million Poloniex breach in November 2023, the $37 million CoinsPaid hack that July, the Alphapo payments attack, which the DOJ estimates at approximately $100 million, and another November 2023 theft of about $138 million from a Panama-based exchange.
The DOJ has not confirmed which of these cases fall under the forfeiture actions.
According to the announcement, North Korean operatives continued to launder stolen funds through a patchwork of mixers, cross-chain bridges, crypto exchanges, and OTC brokers.
“Efforts to trace, seize, and forfeit related stolen virtual currency remain ongoing, as the APT38 actors continue to launder such funds,” the DOJ said.
The enforcement push doesn’t stop at the hackers. The DOJ also revealed it secured guilty pleas from five individuals who helped North Korea infiltrate US companies through fraudulent remote IT work, a scheme that has become a central revenue stream for Pyongyang.
Four US citizens, Audricus Phagnasay (24), Jason Salazar (30), Alexander Paul Travis (34), and Erick Ntekereze Prince (38), admitted to wire fraud conspiracy after providing their identities to North Korean IT workers and allowing company-issued laptops to be operated from inside their homes.
The setup was designed to make it appear these workers were based in the United States, giving them access to US corporate networks.
Ukrainian Pleads Guilty to Selling Stolen U.S. Identities to North Korea
In a separate plea, Ukrainian national Oleksandr Didenko admitted to wire fraud conspiracy and aggravated identity theft.
He stole US citizens’ identities and sold them to North Korean IT operatives, helping them secure roles at 40 companies. Didenko agreed to forfeit more than $1.4 million.
In total, the schemes touched 136 US companies, generated more than $2.2 million for the North Korean government, and compromised over 18 Americans’ identities.
Officials have repeatedly warned that North Korean IT workers can earn up to $300,000 per year, collectively funneling hundreds of millions of dollars into programs overseen by the regime’s Ministry of Defense.
North Korea’s crypto theft operations have surged in 2025, with hackers stealing more than $2 billion so far this year, according to blockchain analytics firm Elliptic.
The post US DOJ Seeks to Seize $15M in USDT Tied to North Korean Hackers appeared first on Cryptonews.
