U.S. designates six people, two entities in DPRK IT worker and crypto case
The U.S. Treasury said US sanctions DPRK IT facilitators over crypto transactions marked its latest move against North Korean overseas revenue networks, as OFAC designated six individuals and two entities tied to fraudulent remote work, money movement, and cryptocurrency conversion. Treasury said the schemes generated nearly $800 million in 2024 for Pyongyang’s weapons of mass destruction programs.
The sanctions target operatives and enablers Treasury says helped North Korean IT workers pose as legitimate remote contractors, conceal identities, open bank accounts, and move earnings through financial channels including crypto. Treasury said such workers have also, in some cases, introduced malware into company networks and extracted sensitive information.
US sanctions DPRK IT facilitators over crypto transactions as OFAC names facilitators
Treasury identified Vietnam-based Nguyen Quang Viet, chief executive of Quangvietdnbg International Services Company Limited, as a currency-conversion facilitator for North Koreans. According to Treasury, Nguyen converted about $2.5 million into cryptocurrency between mid-2023 and mid-2025, including illicit earnings linked to Amnokgang Technology Development Company, a DPRK IT company that Treasury says manages overseas IT worker delegations and conducts procurement activity. Treasury also designated Quangvietdnbg and Amnokgang.
Treasury also designated Hoang Van Nguyen and Do Phi Khanh, saying both supported previously sanctioned DPRK nuclear procurement facilitator Kim Se Un. OFAC said Hoang helped enable crypto transactions and bank-account access for Kim and, in 2022, facilitated a counterfeit cigarette deal worth more than $200,000 on Kim’s behalf.
Why US sanctions DPRK IT facilitators over crypto transactions matters for employers and crypto firms
Treasury said the designations hit networks operating from the DPRK, Vietnam, Laos, and Spain, underscoring how North Korean workers and facilitators rely on third-country infrastructure to secure freelance contracts and move funds. In one Laos-linked case, Treasury said DPRK national Yun Song Guk led a group operating out of Boten, Laos, since at least 2023 and coordinated several dozen transactions totaling more than $70,000 with Hoang Minh Quang. Treasury also said Yun worked with York Louis Celestino Herrera on freelance IT service contracts.
The action is part of a broader U.S. campaign against DPRK IT worker revenue streams. Treasury previously warned that North Korean workers use fake personas, proxy accounts, forged documents, and stolen identities to gain jobs at companies in the U.S. and allied countries, especially in technology and virtual-asset sectors.
Context and Analysis
The new sanctions arrive amid heightened concern over North Korea’s cyber and crypto operations. Treasury has repeatedly said DPRK IT worker schemes help fund WMD and ballistic missile programs, while also creating openings for data theft, extortion, and malware deployment. Treasury’s March 12 action builds on prior sanctions in May 2023, July 2025, December 2024, and November 2025 targeting DPRK cyber, laundering, and IT worker networks.
Outside Treasury, blockchain-tracing firms have described a worsening threat picture. Chainalysis said more than $2.17 billion had been stolen from crypto services by mid-2025, already exceeding the whole of 2024, and said the $1.5 billion ByBit theft accounted for the majority of service losses. Reuters separately reported that the FBI attributed the ByBit hack to North Korean actors.
Concluding Remarks
Treasury’s latest action shows Washington is targeting not only North Korean operatives but also the cross-border facilitators, companies, and financial channels that make the IT worker model work. The next question is whether employers, exchanges, banks, and payment providers tighten screening fast enough to disrupt the broader revenue pipeline Treasury says is feeding Pyongyang’s weapons programs.
FAQs
Q1 : What did the U.S. Treasury do?
A : The U.S. Treasury, through its Office of Foreign Assets Control (OFAC), sanctioned six individuals and two entities on March 12, 2026. They were accused of helping North Korea (DPRK)–run IT worker schemes generate revenue and move funds, including through cryptocurrency.
Q2 : Why does the U.S. say these sanctions matter?
A : Treasury says these schemes help finance North Korea’s weapons of mass destruction and ballistic missile programs. The activity also exposes global companies to risks such as fraud, malware infections, and data theft.
Q3 : Who is Nguyen Quang Viet?
A: Treasury identifies Nguyen Quang Viet as the CEO of Vietnam-based Quangvietdnbg International Services Company Limited. According to U.S. officials, he converted roughly $2.5 million into cryptocurrency for North Korean actors between mid-2023 and mid-2025.
Q4 : What does “U.S. sanctions DPRK IT facilitators over crypto transactions” refer to?
A: It refers to the March 12, 2026 OFAC action targeting facilitators and entities accused of helping North Korean IT workers secure jobs abroad, move illicit proceeds, and convert funds into cryptocurrency.
Q5 : Where were the targeted networks operating?
A : Treasury said the designated facilitators were operating across North Korea, Vietnam, Laos, and Spain, highlighting the global reach of the DPRK IT worker and crypto-finance networks.
Q6 : How large is the wider DPRK crypto threat?
A : Blockchain analytics firm Chainalysis reported that more than $2.17 billion was stolen from crypto services in 2025 by mid-year. Much of that total came from the ByBit hack, which Reuters said the Federal Bureau of Investigation (FBI) attributed to North Korean actors.
Facts
Event
Treasury sanctions facilitators tied to DPRK IT worker fraud and crypto conversion.Date/Time
2026-03-12T00:00:00-04:00Entities
U.S. Department of the Treasury; Office of Foreign Assets Control (OFAC); Democratic People’s Republic of Korea (DPRK); Amnokgang Technology Development Company; Quangvietdnbg International Services Company Limited; Nguyen Quang Viet; Hoang Van Nguyen; Do Phi Khanh; Yun Song Guk; Hoang Minh Quang; York Louis Celestino Herrera.Figures
Nearly USD 800 million generated in 2024; about USD 2.5 million converted into crypto between mid-2023 and mid-2025; more than USD 70,000 in Laos-linked transactions; more than USD 200,000 in a 2022 counterfeit cigarette deal; more than USD 2.17 billion stolen from crypto services by mid-2025; about USD 1.5 billion in the ByBit theft.Quote
“The North Korean regime targets American companies through deceptive schemes carried out by its overseas IT operatives, who weaponize sensitive data and extort businesses for substantial payments,” Treasury Secretary Scott Bessent.Sources
U.S. Treasury press release; Chainalysis mid-year report; Reuters report on FBI attribution.