Five individuals—Audricus Phagnasay, Jason Salazar, Alexander Paul Travis, Oleksandr Didenko, and Erick Ntekereze Prince—have admitted their roles in helping North Korea secretly generate revenue. This involved running illegal IT-worker schemes that directly violated international sanctions, with the U.S. Department of Justice (DoJ) announcing the guilty pleas. The DoJ also highlighted civil forfeiture actions seizing over $15 million from related North Korean virtual currency heists, stating that the regime uses both types of schemes to fund its weapons and other priorities in violation of sanctions. The comprehensive approach to disrupting the DPRK’s financing efforts aims to protect U.S. national and economic security.
Three U.S. nationals—Phagnasay, Salazar, and Travis—pleaded guilty to wire fraud conspiracy for their part in helping overseas IT workers fraudulently secure U.S. jobs between 2019 and 2022. Their assistance included providing identities, hosting company laptops, installing remote access software, and even attending required drug tests on behalf of the remote workers. This specific scheme generated $1.28 million in salaries, most of which was sent overseas. Travis personally received $51,000, while Phagnasay and Salazar earned smaller amounts. The case was handled by the FBI and U.S. prosecutors.
Ukrainian national Oleksandr Didenko pleaded guilty to wire fraud and identity theft after he was arrested in Poland in 2024 and extradited to the U.S. He admitted to stealing U.S. citizens’ identities and selling them to overseas IT workers, including North Koreans, enabling them to fraudulently work for 40 U.S. companies. His victims paid hundreds of thousands of dollars, and Didenko agreed to forfeit over $1.4 million in cash and cryptocurrency. This prosecution emphasizes the ongoing efforts by the FBI and U.S. Attorney offices to dismantle North Korean-funded fraud schemes.
U.S. national Erick Ntekereze Prince also pleaded guilty to wire fraud conspiracy for aiding overseas IT workers, including North Koreans, in securing fraudulent employment with U.S. companies using false identities. Prince used his company to host company laptops in Florida and install remote access software, creating the false appearance that the workers were local. This particular scheme involved 64 U.S. companies, generated over $943,000 in salaries mostly sent overseas, and earned Prince over $89,000. The FBI Miami Field Office was responsible for investigating this case.
Beyond the IT worker fraud, the U.S. DOJ filed civil complaints to forfeit over $15 million in Tether (USDT) seized from North Korean APT38 actors. These funds were linked to four major cryptocurrency heists conducted in 2023 targeting exchanges in Estonia, Panama, and Seychelles. The FBI is actively investigating, tracing, and seizing stolen cryptocurrency that is still being laundered. North Korean IT workers generate hundreds of thousands of dollars annually to finance DPRK weapons programs, and U.S. agencies have issued advisories, offering rewards of up to $5 million to help disrupt these continuous illicit financial operations.
Reference:
