Four North Koreans Charged in Nearly $1 Million Cryptocurrency Theft Scheme

ATLANTA - Four North Korean nationals, Kim Kwang Jin (김관진), Kang Tae Bok (강태복), Jong Pong Ju (정봉주), and Chang Nam Il (창남일), have been charged in a five-count wire fraud and money laundering indictment arising from a scheme to be hired as remote IT workers and then steal and launder over $900,000 in virtual currency.

“The defendants used fake and stolen personal identities to conceal their North Korean nationality, pose as remote IT workers, and exploit their victims’ trust to steal hundreds of thousands of dollars,” said U.S. Attorney Theodore S. Hertzberg. “This indictment highlights the unique threat North Korea poses to companies that hire remote IT workers and underscores our resolve to prosecute any actor, in the United States or abroad, who steals from Georgia businesses.”

“These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs,” said John A. Eisenberg, Assistant Attorney General for the Department’s National Security Division. “The Justice Department, along with our law enforcement, private sector, and international partners, will persistently pursue and dismantle these cyber-enabled revenue generation networks.”

“North Korean operatives used false identities to infiltrate companies and steal digital assets to fund their regime,” said Paul Brown, Special Agent in Charge of FBI Atlanta. “The FBI is committed to exposing these threats and protecting U.S. businesses from nation-state cybercrime.”

According to U.S. Attorney Hertzberg, the indictment, and other information presented in court: To generate revenue for the regime, the Democratic People’s Republic of Korea (“North Korea” or “DPRK”) dispatches thousands of skilled IT workers around the world to deceive and infiltrate American companies. In October 2019, the defendants traveled to the United Arab Emirates on North Korean documents and worked there as a team. In approximately December 2020 and May 2021, respectively, Kim Kwang Jin (using victim P.S.’s stolen identity) and Jong Pong Ju (using the alias “Bryan Cho”) were hired as developers by an Atlanta, Georgia-based blockchain research and development company and a Serbian virtual token company. Both defendants concealed their North Korean identities from their employers by providing false identification documents containing a mix of stolen and fraudulent identity information. Neither company would have hired Kim Kwang Jin or Jong Pong Ju had it known the defendants were North Korean citizens. Later, on a recommendation from Jong Pong Ju, the Serbian company hired “Peter Xiao,” who in fact was Chang Nam Il.

After gaining their employers’ trust, Kim Kwang Jin and Jong Pong Ju were assigned projects that provided them access to their employers’ virtual currency assets. In February 2022, Jong Pong Ju used that access to steal virtual currency then worth approximately $175,000. In March 2022, Kim Kwang Jin stole virtual currency then worth approximately $740,000 by modifying the source code of two of his employer’s smart contracts.

To launder the funds after the thefts, Kim Kwang Jin and Jong Pong Ju used a virtual currency mixer and then transferred the funds to virtual currency exchange accounts controlled by defendants Kang Tae Bok and Chang Nam Il but held in the names of aliases.  The accounts were opened using fraudulent Malaysian identification documents.

Kim Kwang Jin (김관진), Kang Tae Bok (강태복), Jong Pong Ju (정봉주), and Chang Nam Il (창남일) were indicted by a federal grand jury seated in the Northern District of Georgia on June 24, 2025.

Members of the public are reminded that the indictment only contains charges.  The defendants are presumed innocent of the charges, and the government bears the burden to prove the defendants’ guilt beyond a reasonable doubt at trial.

This case is being investigated by the Federal Bureau of Investigation. It is part of the Department of Justice’s DPRK RevGen: Domestic Enabler Initiative. Under the Initiative, launched by the National Security Division and FBI Cyber and Counterintelligence Divisions in March 2024, federal prosecutors and agents prioritize high-impact, strategic, and unified enforcement and disruption operations targeting the DPRK’s illicit revenue generation efforts and the U.S.-based enablers of those efforts.

Assistant United States Attorneys Samir Kaushal and Alex R. Sistla, and Trial Attorney Jacques Singer-Emery of the National Security Division’s National Security Cyber Section, are prosecuting the case.

For further information please contact the U.S. Attorney’s Public Affairs Office at USAGAN.PressEmails@usdoj.gov or (404) 581-6185.  The Internet address for the U.S. Attorney’s Office for the Northern District of Georgia is http://www.justice.gov/usao-ndga