Four North Koreans have been indicted for stealing nearly $1 million in cryptocurrency from companies in Georgia and Serbia after hiding their identities to get remote IT jobs.
💼 Why It Matters: These hackers used stolen identities and fake documents to infiltrate legitimate companies, showing how vulnerable remote hiring processes can be to sophisticated foreign threats.
🔍 The Scheme Revealed: The four defendants – Kim Kwang Jin, Jong Pong Ju, Kang Tae Bok, and Chang Nam Il – posed as remote blockchain developers using stolen identities and fake documents. After gaining their employers’ trust, they accessed and stole cryptocurrency worth approximately $915,000.
💰 How They Did It: Kim and Jong were hired by companies in Atlanta and Serbia after providing false identification. They then:
- Gained access to their employers’ cryptocurrency assets
- Modified source code to steal funds
- Laundered the stolen money through cryptocurrency mixers
- Transferred funds to accounts controlled by their accomplices
🚨 Warning Signs: FBI Atlanta is urging companies to strengthen their remote hiring practices, especially for blockchain positions. The defendants traveled together in the UAE using North Korean documents and worked as a coordinated team.
🛡️ Protect Your Business: The FBI recommends several precautions:
- Implement stronger identity verification during hiring
- Cross-check applicants for duplicate information
- Be wary of AI-generated faces during video interviews
- Verify third-party staffing firms’ practices
- Ask detailed questions about location and background
If you suspect you’ve encountered North Korean IT workers, report it immediately to the FBI’s Internet Crime Complaint Center at www.IC3.gov.