Washington(CNN)Devin, the founder of a cryptocurrency startup based in San Francisco, woke up one day in February to the most bizarre phone call of his life.
The man on the other end, an FBI agent, told Devin that the seemingly legitimate software developer he’d hired the previous summer was a North Korean operative who’d sent tens of thousands of dollars of his salary to the country’s authoritarian regime.
Stunned, Devin hung up and immediately cut the employee off from company accounts, he said
Treasury will continue to target the DPRK’s revenue generating efforts, including its illicit IT worker program and related malign cyber activities,” Brian Nelson, Treasury undersecretary for terrorism and financial intelligence, said in a statement to CNN, using the acronym for North Korea.
“Companies that engage with or process transactions for [North Korean tech] workers risk exposure to US and UN sanctions,” added Nelson, who last month met with South Korean government officials to discuss ways of countering the North’s money-laundering and cybercrime activity.
CNN has emailed and called the North Korean Embassy in London seeking comment.
Federal investigators are also on the lookout for Americans who may be inclined to lend their expertise in digital currencies to North Korea.
In April, a 39-year-old American computer programmer named Virgil Griffith was sentenced to more than five years in US prison for violating US sanctions on North Korea after speaking at a blockchain conference there in 2019 on how to evade sanctions. Griffith pleaded guilty and, in a statement submitted to the judge before sentencing, expressed “deep regret” and “shame” for his actions, which he attributed to an obsession to see North Korea “before it fell.”
But the long-term challenge facing US officials is much subtler than conspicuous blockchain conferences in Pyongyang. It involves trying to curtail the diffuse sources of funding that the North Korean government gets from its tech diaspora funding source for the regime, the Treasury official told CNN.
“He was a good contributor,” Devin lamented, puzzled by the man who had claimed to be Chinese and passed multiple rounds of interviews to get hired. (CNN is using a pseudonym for Devin to protect the identity of his company).
Devin’s encounter is just one example of what US officials say is a relentless, evolving effort by the North Korean government to infiltrate and steal from cryptocurrency and other tech firms around the world to help fund Kim Jong Un’s illicit nuclear and ballistic weapons program.
North Korean government-backed hackers have stolen the equivalent of billions of dollars in recent years by raiding cryptocurrency exchanges, according to the United Nations. In some cases, they’ve been able to nab hundreds of millions of dollars in a single heist, the FBI and private investigators say.
Now, US federal investigators are publicly warning about a key pillar of the North Korean strategy, in which the regime places operatives in tech jobs throughout the information technology industry.
The FBI, Treasury and State departments issued a rare public advisory in May about thousands of “highly skilled” IT personnel who provide Pyongyang with “a critical stream of revenue” that helps bankroll the regime’s “highest economic and security priorities.”
It’s an elaborate money-making scheme that relies on front companies, contractors and deception to prey on a volatile industry that is always on the hunt for top talent. North Korean tech workers can earn more than $300,000 annually — hundreds of times the average income of a North Korean citizen — and up to 90% of their wages go to the regime, according to the US advisory.
“(The North Koreans) take this very seriously,” said Soo Kim, a former North Korea analyst at the CIA. “It’s not just some rando in his basement trying to mine cryptocurrency,” she added, referring to the process of generating digital money. “It’s a way of life.”
The value of cryptocurrency has plummeted in recent months, depleting the North Korean loot by many millions of dollars. According to Chainalysis, a firm that tracks digital currency, the value of North Korean holdings sitting in cryptocurrency “wallets,” or accounts, that have not been cashed out has dropped by more than half since the end of last year, from $170 million to about $65 million.
But analysts say the cryptocurrency industry is too valuable a target for North Korean operatives to turn away from because of the industry’s relatively weak cyber defenses and the role that cryptocurrency can play in evading sanctions.
US officials have in recent months held a series of private briefings with foreign governments such as Japan, and with tech firms in the US and abroad, to sound the alarm about the threat of North Korean IT personnel, a Treasury Department official who specializes in North Korea told CNN.
The list of companies targeted by North Koreans covers just about every aspect of the freelance technology sector, including payment processors and recruiting firms, the official said.
Pyongyang has banked on its overseas tech workers for revenue for years. But the coronavirus pandemic — and the occasional lockdown it has caused in North Korea — has, if anything, made the tech diaspora a more crucial.