TLDR
The US DOJ has moved to seize over $15 million in Tether (USDT) linked to North Korean hackers.
The stolen funds were traced to four virtual currency platforms compromised in 2023.
The FBI initially seized the USDT in March 2025 and is seeking court approval for permanent forfeiture.
The DOJ’s actions are part of a broader effort to disrupt North Korea’s reliance on crypto theft and illicit activities.
Five individuals, including US citizens, pleaded guilty to helping North Korean operatives infiltrate US companies.
The US Department of Justice (DOJ) has moved to seize over $15 million in Tether (USDT) stolen by North Korean hackers. The funds were part of a series of cyberattacks in 2023, allegedly linked to the North Korean hacker group Advanced Persistent Threat 38 (APT38). The DOJ’s efforts aim to disrupt Pyongyang’s growing reliance on cryptocurrency theft and other illicit activities to fund its programs despite international sanctions.
Civil Forfeiture Actions Target Stolen Funds
The DOJ filed two civil forfeiture complaints to claim $15.1 million in stolen USDT. The funds were traced back to four virtual currency platforms compromised in 2023. The FBI initially seized the assets in March 2025, and now seeks court approval for permanent forfeiture.
The funds are suspected to be linked to several high-profile cyberattacks in 2023. These include the Poloniex breach, which resulted in the theft of $100 million in November, and the CoinsPaid hack in July, which led to a $37 million loss. The DOJ did not specify which incidents the forfeiture applies to.
The North Korean hackers allegedly laundered the stolen funds through a mix of crypto exchanges, OTC brokers, and cross-chain bridges. The DOJ continues its efforts to trace these funds, with the aim of returning them to the affected platforms.
US DOJ Targets North Korean IT Scheme
In a separate but related operation, the DOJ secured guilty pleas from five individuals involved in North Korea’s IT scheme. These individuals helped North Korean operatives infiltrate US companies by facilitating fraudulent remote IT work. The scheme allowed North Korean hackers to operate as if they were US-based workers, providing them access to corporate networks.
The individuals who pleaded guilty were primarily US citizens. They included Audricus Phagnasay, Jason Salazar, Alexander Paul Travis, and Erick Ntekereze Prince. They admitted to wire fraud conspiracy after providing their identities to North Korean workers.
Ukrainian national Oleksandr Didenko also pleaded guilty. Didenko stole and sold US citizens’ identities, helping North Koreans secure roles at 40 US companies. He agreed to forfeit more than $1.4 million from his illicit activities.
The DOJ’s actions are part of a broader push to counter North Korea’s growing cybercrime operations. According to blockchain analytics firm Elliptic, North Korean hackers have stolen more than $2 billion in cryptocurrency so far in 2025. These cyberattacks are linked to North Korea’s Ministry of Defense and its efforts to fund sanctioned programs.

