Four North Korean remote workers indicted in Atlanta fraud scheme

The Northern District of Georgia today unsealed a five-count wire fraud and money laundering indictment against four North Korean remote workers.

According to a news release, the four schemed to steal virtual currency, valued at over $900,000 at the time of the thefts, and to launder proceeds of those thefts. The defendants concealed their North Korean identities from two separate companies by providing false identification documents that contained stolen and fake identity information.

The four charged are Kim Kwang Jin (김관진), Kang Tae Bok (강태복), Jong Pong Ju (정봉주) and Chang Nam Il (창남일).

In 2020 and 2021, Kim Kwang Jin and Jong Pong Ju (both using an alias) were hired by a blockchain research and development company headquartered in Atlanta and a virtual token company based in Serbia. Later, on a recommendation from Jong Pong Ju, the Serbian company hired Chang Nam Il, who was also using an alias.

After gaining their employers’ trust, Kim Kwang Jin and Jong Pong Ju were assigned projects that provided them access to their employers’ virtual currency assets. In February 2022, Jong Pong Ju used that access to steal virtual currency worth approximately $175,000 at the time of the theft, sending it to a virtual currency address he controlled.

In March 2022, Kim Kwang Jin stole virtual currency worth approximately $740,000 at the time of theft by modifying the source code of two of his employer’s smart contracts, then sending it to a virtual currency address he controlled.

To launder the funds after the thefts, Kim Kwang Jin and Jong Pong Ju “mixed” the stolen funds, using the virtual currency mixer Tornado Cash, and then transferred the funds to virtual currency exchange accounts controlled by Kang Tae Bok and Chang Nam Il but held in the names of aliases. These accounts were opened using fraudulent Malaysian identification documents.

According to the indictment, the defendants traveled to the United Arab Emirates on North Korean travel documents, along with other individuals, and worked together as a team.

Neither of the victim companies in this investigation would have hired the individuals had they known they were North Korean citizens.

FBI Atlanta is warning the public about the threat of North Korean citizens who often apply for Remote IT roles as blockchain developers. These individuals often use multiple fake names, identity cards, and social media accounts to gain employment at numerous copmpanies.

Companies looking to hire Remote IT workers, especially for blockchain development, are encouraged to apply additional layers of scrutiny to their interview and hiring processes for Remote IT workers.

The announcement of the indictments came at the U.S. Justice Department announced coordinated actions against the North Korean government’s scheme to fund its regime through remote information technology (IT) work for U.S. companies.

The post Four North Korean remote workers indicted in Atlanta fraud scheme appeared first on Rough Draft Atlanta.