U.S. Sanctions North Korean Cyber Facilitator Linked to Crypto Laundering

The U.S. Treasury Department has added North Korean national Song Kum Hyok to its Specially Designated Nationals (SDN) list, identifying him as a key figure behind cybercrime and illicit cryptocurrency schemes linked to Pyongyang. The Office of Foreign Assets Control (OFAC) alleges that Song facilitated the global placement of North Korean IT workers who generated funds for the regime through fraudulent employment and cyber exploitation.

These operatives, often embedded in technology and crypto firms worldwide, are accused of siphoning revenue back to North Korea and, in some cases, infiltrating systems to conduct major cyberattacks. While Tuesday’s announcement didn’t cite specific wallet addresses or individual hacks, it reaffirmed previous U.S. actions against the notorious Lazarus Group—blamed for high-profile crypto heists, including the $625 million Axie Infinity hack and this year’s $1.5 billion Bybit theft.

The Treasury emphasized that DPRK IT workers frequently engage in virtual currency development and exploit crypto exchanges to launder illicit proceeds. Ari Redbord of TRM Labs noted that Song operates as an enabler, not a direct hacker, but is vital to sustaining North Korea’s cyber-financial operations. He highlighted Song’s coordination of operatives from China and Russia, underscoring a broader geopolitical alignment.

This move reflects an ongoing crackdown on North Korea’s use of decentralized finance tools and anonymous platforms to bypass sanctions. Experts warn that hiring remote developers without thorough vetting can open the door to state-backed exploitation. The crypto industry remains a prime target for DPRK’s revenue-generation schemes, and U.S. authorities are intensifying efforts to disrupt these networks at both the technical and organizational levels.