- The US Treasury’s Office of Foreign Assets Control (OFAC) sanctioned more than fifty cryptocurrency addresses linked to North Korea’s Cheil Credit Bank on November 4, 2025.
- These addresses are connected to North Korean cybercrime activities, including financial theft and espionage used to fund weapons programs.
- Elliptic updated its blockchain tracking tools to include these addresses for screening and tracing.
- The total balance across the sanctioned crypto addresses is $5.4 million, and some overlap with exchanges and payment services already blacklisted.
- OFAC also sanctioned North Korea’s Ryujong Credit Bank and several bankers for sanctions evasion activities.
On November 4, 2025, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned more than fifty cryptocurrency addresses belonging to North Korea’s Cheil Credit Bank. These sanctions aim to disrupt financial activity linked to North Korean cybercrime and espionage.
The designated crypto addresses are tied to schemes supporting North Korean cyber operations, which fund the country’s weapons of mass destruction and missile programs. According to OFAC’s press release, North Korean cyber actors have stolen over $3 billion in the past three years. Elliptic estimates that in 2025 alone, North Korea has stolen more than $2 billion.
Elliptic has acted quickly to add the newly designated addresses into its Holistic blockchain analytics tool. This allows users to identify and block transactions from these addresses, helping prevent inadvertent processing of tainted funds. The total combined balance of the 53 sanctioned addresses is $5.4 million. Among them, 26 addresses were previously blacklisted by Tether. The addresses have connections to multiple centralized exchanges, including sources and destinations exposed to Huione Pay and Huione Guarantee, which were designated as Primary Money Laundering Concerns under Section 311 of the U.S. Patriot Act.
In addition to Cheil Credit Bank, OFAC sanctioned the North Korea-based Ryujong Credit Bank and several bankers for facilitating sanctions evasion between China and North Korea. OFAC described their role as enabling transfers of foreign currency earnings, money laundering, and financial transactions for overseas North Korean workers.
The sanctions follow a report published on October 22, 2025, by the Multilateral Sanctions Monitoring Team, which identified 28 of the involved crypto addresses.
North Korea’s so-called IT workers, who operate globally to obscure their identities, play a significant role in cyber theft and ransom extortion targeting Western companies. For example, the $1.46 billion breach of the exchange Bybit in February 2025 was attributed to such actors. OFAC highlights that these workers earn hundreds of millions of dollars annually through various IT projects.
The transparency of blockchain technology helps to trace these illicit financial flows, enabling authorities and industry participants to detect and reduce the movement of criminal funds. This collaborative effort supports maintaining the integrity and safety of the digital asset ecosystem.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Theta Labs Secures Patent for Advanced Tree-of-Thought AI System
- Bitcoin White Paper Hits 17 Years, Network Remains Resilient
- Ethereum Funds Dwindle as Bitcoin Attracts Institutional Capital
- Nine Arrested in €600M Crypto Money Laundering Bust
- 5 Key Uses of Chainlink Runtime Environment (CRE) Explained
