Overview
- Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis pleaded guilty to wire fraud conspiracy in Georgia, Erick Ntekereze Prince pleaded guilty in Florida, and Ukrainian national Oleksandr Didenko pleaded guilty in Washington, D.C. to wire fraud conspiracy and aggravated identity theft.
- Facilitators supplied stolen or false identities, hosted U.S. company laptops, installed remote access tools, and in some cases took drug tests to conceal that the real workers were overseas.
- The Justice Department attributes the activity to North Korea-linked APT38, also known as Lazarus Group, tied to the Reconnaissance General Bureau.
- Two civil forfeiture complaints seek to seize and return more than $15 million in USDT traced to four APT38 crypto heists in 2023 affecting platforms in Estonia, Panama, and Seychelles after investigators tracked and froze funds across exchanges and mixers.
- Didenko, arrested in Poland in 2024 and extradited to the U.S., agreed to forfeit over $1.4 million, as authorities pursue the DPRK RevGen: Domestic Enabler Initiative and urge tighter vetting of remote hires.