An Arizona woman, Christina Marie Chapman, received a 102-month prison sentence for helping North Korean hackers secure remote IT jobs at U.S. crypto companies. The scheme generated over $17 million using stolen identities.
The U.S. Attorney’s Office for the District of Columbia announced the sentence on Thursday. Chapman pleaded guilty on February 11 to wire fraud conspiracy, money laundering conspiracy, and aggravated identity theft.
In addition to the prison time, she must serve three years of supervised release, forfeit $284,000, and pay $177,000 in restitution. The charges stem from a larger scheme where DPRK hackers posed as Americans using fake documents and stolen identities to gain jobs in the U.S. tech and crypto sectors.
Chapman Helped North Korea Crypto Jobs Scheme Use Stolen Identities
According to prosecutors, Chapman collaborated with DPRK operatives to access jobs at over 300 U.S.-based companies. These workers used 68 stolen U.S. identities to pass as legitimate candidates. They were paid in total $17 million, which authorities said was used to support North Korea’s weapons programs.
The Justice Department called this one of the largest DPRK remote work cases they have prosecuted. The scheme targeted crypto firms and tech startups, where remote hiring often lacks in-person identity checks.
Companies believed they were hiring U.S. citizens or residents, while in reality they had unknowingly employed remote IT workers tied to North Korea.
U.S. Treasury Links North Korea Crypto Jobs to Weapons Funding
The U.S. Treasury Department recently sanctioned two individuals and four entities involved in similar North Korea crypto jobs operations. These networks focus on infiltrating U.S. crypto companies by placing DPRK hackers as remote workers.
In early July, Treasury confirmed that the illegally earned income from these schemes funds weapons of mass destruction development in North Korea. The same month, reports confirmed that four DPRK individuals defrauded a U.S. crypto startup and a Serbian token company, stealing over $900,000.
In April, attackers disguised as remote IT workers infiltrated Web3 projects and stole another $1 million in crypto. In November 2024, reports showed North Korea hackers also entered multinational tech companies in the UK.
OFAC Violations Risk for U.S. Crypto Companies Hiring DPRK Workers
Legal experts warn that U.S. crypto companies hiring remote workers linked to North Korea could face OFAC violations. Under the Office of Foreign Assets Control (OFAC) rules, firms may be liable even if they did not know the workers were DPRK hackers.
Aaron Brogan, a crypto-focused lawyer, told Cointelegraph that U.S. sanctions follow strict liability rules:
“Anyone who engages in sanctioned activity, knowingly or not, is technically culpable.”
Niko Demchuk, head of legal at AMLBot, added that payments to DPRK-linked developers breach U.S. Treasury rules. He said companies face civil fines, criminal penalties, and possible reputational harm.
“If DPRK developers use fake or stolen identities to bypass company sanctions compliance checks and receive payments, the companies could still face legal trouble under OFAC regulations,”
Demchuk explained.
Brogan noted that OFAC is unlikely to prosecute companies that unknowingly hired North Korea crypto workers, but only if they followed proper verification procedures. If those checks were weak or missing, the risk increases.
Case Reveals Scale of North Korea Crypto Jobs Strategy
Chapman’s conviction highlights how North Korean hackers use stolen identities to access U.S. crypto jobs. The operation affected 309 U.S. companies and two international firms, using remote job platforms to avoid physical background checks.
The Justice Department said the scheme was structured to move illicit funds out of the U.S. financial system and into the hands of state-controlled programs in North Korea.
No companies were named in the official release, but the scale—over 300 U.S. firms and $17 million in crypto salaries—points to a systematic infiltration involving multiple sectors.
Authorities said these methods will continue to pose risks, especially for crypto companies hiring remotely.
