North Korea Uses Crypto and IT Workers to Evade Sanctions, Report Finds
North Korea has been using cryptocurrency and overseas IT workers to bypass United Nations (UN) sanctions and fund its weapons programs, according to a new report from an international sanctions monitoring group.
Under Kim Jong Un’s leadership, Pyongyang has increasingly turned to cybercrime to earn money, especially as sanctions over its nuclear and missile programs continue to limit its economy.
The Multilateral Sanctions Monitoring Team (MSMT) revealed that North Korean hackers stole at least $1.65 billion between January and September 2025. This includes a major theft of $1.4 billion from the crypto exchange Bybit in February. The stolen money was reportedly funneled into the country’s weapons of mass destruction (WMD) and ballistic missile programs.
The report also found that North Korean officials used stablecoins — a type of cryptocurrency — to buy and sell military equipment and raw materials like copper, which is used for making ammunition.
IT Workers Sent Abroad to Make Money
North Korea has also been sending large numbers of IT workers abroad to secretly earn income for the regime. The report said that these workers were found in at least eight countries, including China, Russia, Laos, Cambodia, Equatorial Guinea, Guinea, Nigeria, and Tanzania.
The MSMT added that Pyongyang planned to send 40,000 workers to Russia, including many IT specialists, even though UN sanctions ban North Korean citizens from earning money overseas.
In recent years, North Korea has strengthened its ties with Russia, reportedly sending weapons and soldiers to support Moscow’s war in Ukraine.
Hidden Work with Major Companies
According to the report, some North Korean IT workers have secretly worked on animation projects linked to major global companies such as Amazon and HBO Max. They allegedly hid their nationalities and worked through subcontractors.
An Amazon spokesperson confirmed that the company had never hired these workers directly, saying:
“We previously worked with an animation studio that used subcontractors allegedly involved in this scheme. They were not Amazon employees and had no access to our systems.”
HBO did not respond to requests for comment.
Some of these animators were reportedly connected to SEK Studio, a North Korean state-owned animation company that had previously worked on international projects, including The Simpsons Movie (2007).
Cyber Espionage Operations
South Korea’s intelligence agency revealed last year that North Korean hackers used LinkedIn to pose as recruiters and approach employees at South Korean defense firms, attempting to steal defense technology.
Monitoring Group’s Findings
The MSMT, which began operating in October 2024, independently monitors violations of UN sanctions on North Korea. It said that, in addition to the 2025 cyber thefts, North Korea also gained about $1.2 billion from cryptocurrency-related crimes in 2024.
