Five plead guilty in scheme that helped North Korean IT workers earn $2M

The US Justice Department announced five guilty pleas connected to a scheme that allowed North Korean IT workers to fraudulently secure remote jobs at American companies, generating more than $2.2 million for the sanctioned regime and affecting at least 136 US firms.

According to prosecutors, more than 18 Americans had their identities stolen or misused as part of the operation. In three cases, US citizens knowingly provided their personal information to North Korean workers. Audricus Phagnasay, 24, Jason Salazar, 30, and Alexander Paul Travis, 34, each pleaded guilty to wire fraud conspiracy after allowing North Korean contractors to use their identities to obtain US-based tech jobs. The trio hosted company laptops in their homes, installed remote-access tools, and helped the workers pass vetting checks, with Travis and Salazar taking drug tests on their behalf.

Travis, who was on active duty with the US Army at the time, was paid more than $51,000 for his role. Phagnasay and Salazar earned roughly $3,450 and $4,500, respectively. The scheme enabled North Korean workers using their identities to earn $1.28 million in salaries.

Ukrainian national Oleksandr Didenko also pleaded guilty to wire fraud and identity theft. Prosecutors said he stole multiple US identities and sold them to North Korean facilitators, helping them secure work at 40 US companies. Didenko, extradited from Poland in December 2024, forfeited $1.4 million. The DOJ previously linked him to several “laptop farms.” One alleged co-conspirator, US national Christina Chapman, was sentenced to 8.5 years in prison last year.

Another defendant, Erick Ntekereze Prince, pleaded guilty to wire fraud conspiracy for using his Florida-based company to place North Korean IT workers using stolen or falsified identities at dozens of US firms. He also ran a laptop farm and earned about $89,000 from the operation. Prince was charged in January along with US national Emanuel Ashtor and Mexican national Pedro Ernesto Alonso de los Reyes. Ashtor awaits trial, while de los Reyes remains in custody in the Netherlands pending extradition. The three are accused of helping North Korean workers earn nearly $1 million through fraudulent employment at 64 companies.

Alongside the guilty pleas, the Justice Department announced forfeiture actions connected to more than $15 million in cryptocurrency stolen by North Korea’s APT38 hacking group, also known as Lazarus or TraderTraitor. The FBI said the seizures are linked to several major 2023 crypto heists, including the $100 million Atomic Wallet breach, a $60 million theft from Alphapo, and the $100 million hack of Harmony’s Horizon Bridge.

Officials said efforts continue to trace and recover the stolen funds, noting that North Korea has moved the cryptocurrency through numerous exchanges, mixers, and other laundering channels.

