The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on two individuals and one entity involved in laundering millions of dollars in illicit funds for North Korea. Lu Huaying and Zhang Jian operated in the United Arab Emirates (UAE), using a front company to facilitate money laundering and cryptocurrency conversion, ultimately sending the proceeds back to Pyongyang. The OFAC highlighted North Korea’s reliance on agents and proxies to access the global financial system for illegal activities, which are part of broader efforts to destabilize international security, including increased military ties to Russia in Europe.
Sim Hyon Sop, a representative of North Korea’s Korea Kwangson Banking Corp (KKBC) based in China, is a key figure in these illicit financial activities. Operating as an agent for North Korean financial institutions, Sim is accused of orchestrating money laundering schemes, establishing shell companies, and managing bank accounts to move illicit funds, primarily through digital assets to support North Korea’s missile programs. Huaying has allegedly been involved in laundering millions of dollars from DPRK activities by converting cryptocurrency into fiat currency since 2022, using various methods such as money mules. Zhang Jian also facilitated the exchange of fiat currency and acted as a courier for Sim, leading to their designation by the OFAC, along with Green Alpine Trading, LLC, the UAE-based front company involved in the network.
Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith emphasized the importance of disrupting networks that fund the DPRK’s weapons programs, including digital assets. He mentioned that the US, along with partners like the UAE, will continue to target financial networks supporting the Kim regime’s destabilizing activities. North Korea’s involvement in cybercrime has caused significant damage in the crypto industry through high-profile hacks and exploits. Recent incidents include North Korean developers infiltrating crypto projects to steal $1.3 million, using a fake NFT game with a Chrome zero-day flaw to steal wallet credentials, and orchestrating the 2019 Upbit crypto heist worth $50 million.
Collaboration with international law enforcement agencies led to the identification of North Korean IP addresses and virtual asset flow patterns used to launder stolen funds. The most recent hack on Radiant Capital’s DeFi platform in October 2024, involving $50 million in losses, was also attributed to a North Korea-linked hacking group using a Telegram-based malware scheme. These incidents demonstrate North Korea’s continued use of complex criminal schemes and digital assets to fund its weapons programs, highlighting the importance of disrupting financial networks facilitating this illicit flow of funds. The OFAC’s actions against individuals and entities involved in these activities reinforce the commitment to target those supporting the DPRK’s destabilizing actions.