The United States Department of the Treasury took decisive action on November 4, 2025, sanctioning eight individuals and two entities connected to the Democratic People’s Republic of Korea (DPRK) for their alleged roles in laundering proceeds from cybercrime and fraudulent IT worker schemes through cryptocurrency networks. The sanctions represent one of the most significant enforcement actions targeting North Korean crypto-enabled financial crimes in recent years.
TL;DR
- Treasury’s OFAC sanctioned 8 individuals and 2 entities linked to DPRK cybercrime and IT worker fraud
- 53 cryptocurrency addresses tied to North Korea’s Cheil Credit Bank were added to the SDN list
- The sanctions target networks laundering stolen crypto proceeds and funneling funds back to Pyongyang
- OFAC simultaneously updated Belarus-related general licenses affecting certain blocked aircraft transactions
- Compliance teams worldwide must now screen against the newly designated addresses and individuals
The Scope of the Sanctions
The Office of Foreign Assets Control (OFAC) added the sanctioned individuals to its Specially Designated Nationals and Blocked Persons (SDN) List, effectively freezing any assets they hold under U.S. jurisdiction and prohibiting American persons from engaging in transactions with them. Among those designated are operatives connected to Cheil Credit Bank, a North Korean financial institution that has long been suspected of facilitating the regime’s access to international financial systems through illicit channels.
Blockchain analytics firm Elliptic confirmed that OFAC listed 53 cryptocurrency addresses associated with Cheil Credit Bank and the sanctioned individuals, spanning multiple blockchains including Bitcoin, Ethereum, and various stablecoin networks. The breadth of the designations underscores the extent to which North Korean operatives have embedded themselves within the decentralized finance ecosystem to move and launder stolen funds.
How the Laundering Networks Operate
According to Treasury’s press release, the sanctioned individuals were involved in two primary schemes. The first involves laundering proceeds from cybercrime — including the notorious cryptocurrency heists attributed to North Korean hacking groups such as Lazarus Group. After stealing digital assets from exchanges, DeFi protocols, and bridge platforms, the operatives move funds through a complex web of wallets, mixers, and cross-chain bridges to obscure the trail before converting them into fiat currency.
The second scheme involves the DPRK’s IT worker program, in which North Korean nationals pose as freelance developers and tech professionals on platforms like Upwork and Toptal. These workers generate significant revenue — estimated in the hundreds of millions of dollars annually — which is then laundered through crypto payment channels and routed back to the North Korean government. The sanctioned individuals allegedly played key roles in managing the financial infrastructure that enables this revenue stream.
Implications for Crypto Compliance
The addition of 53 new crypto addresses to the SDN list creates immediate compliance obligations for cryptocurrency exchanges, custodians, and other virtual asset service providers (VASPs). Under U.S. law, these entities must screen transactions against the SDN list and block any funds associated with sanctioned addresses. Failure to do so can result in severe penalties, including civil fines of up to $356,000 per violation under OFAC’s enforcement framework.
Major exchanges are expected to update their transaction monitoring systems within hours to flag any interactions with the newly designated addresses. Blockchain analytics companies including Chainalysis, Elliptic, and TRM Labs have already incorporated the new designations into their screening tools, enabling real-time detection of potential sanctions violations.
A Pattern of Escalating Enforcement
This action follows a series of increasingly aggressive enforcement moves by U.S. authorities against North Korean crypto-enabled financial crime. Earlier in 2025, the FBI and Treasury jointly exposed several crypto addresses linked to the TraderTraitor campaign, a social engineering operation that targeted employees at decentralized finance companies. The November 4 sanctions build on that work by targeting the financial infrastructure — the bankers and institutions — that make these schemes possible at scale.
The timing is also notable, coming just days before the Treasury closed the GENIUS Act comment period on the same day, signaling that the U.S. government is simultaneously building regulatory frameworks for legitimate stablecoin activity while aggressively pursuing bad actors who exploit digital assets for sanctions evasion and money laundering.
Why This Matters
Treasury’s sanctions against North Korean crypto laundering networks demonstrate that the United States is not waiting for comprehensive crypto regulation to be finalized before wielding its existing enforcement tools. The designation of 53 cryptocurrency addresses sends a clear message to both bad actors and the platforms that serve them: the blockchain is not an anonymous safe haven, and the U.S. government has the technical capability and legal authority to trace, freeze, and sanction illicit digital asset flows. For the crypto industry, these actions reinforce the urgency of robust compliance programs — not just as a regulatory checkbox, but as a fundamental requirement for operating in an environment where geopolitical enforcement increasingly intersects with decentralized finance.
Disclaimer: This article is for informational purposes only and does not constitute financial, legal, or investment advice. Sanctions compliance is a complex legal area, and readers should consult qualified professionals for guidance specific to their circumstances.
seeing 53 addresses hit the sdn list at once is like a massive ban wave in an mmo. elliptic is basically the anticheat here. hope compliance teams actually have their apis ready for this.
seeing 53 more addresses hit the sdn list makes me wonder if they’ll ever actually stop these guys. it’s scary how much they’re using things like cheil credit bank to move money. i’m really worried about how this affects the whole space.
elliptic as anticheat lmao. but seriously the 53 addresses are probably already rotated through. DPRK operates at a pace that sanctions simply cant match
cheil credit bank getting nuked by ofac today. dprk always finds a way to move the bags but 53 addresses is a lot of cleanup for the mixers.
screening 53 new addresses is trivial. the problem is DPRK launders through nested exchanges that dont screen at all
compliance hat nested exchanges are the real problem. OFAC can sanction 53 addresses but DPRK will just route through 53 new ones via exchanges with zero screening
53 addresses across BTC ETH and stablecoin networks. DPRK has diversified its laundering portfolio better than most retail traders manage their bags
diversified laundering portfolio better than most retail traders manage their bags is both hilarious and deeply depressing. DPRK crypto ops are genuinely sophisticated
Cheil Credit Bank has been a known DPRK proxy since 2017. OFAC adding crypto addresses now feels reactive not proactive
tran minh Cheil Credit Bank being a known DPRK proxy since 2017 and only now getting crypto-specific sanctions shows how far behind regulators are
OFAC sanctioned 53 crypto addresses tied to Cheil Credit Bank. meanwhile DPRK IT workers are still operating on freelance platforms earning crypto. sanctions address symptoms not the operation