North Korea allegedly stole more than $1 million, and the U.S. is scrambling to recover these funds.
Cryptocurrency Theft: US Department of Justice Seeks Recovery of Stolen Funds
The US Department of Justice is currently attempting to recover around $1 million stolen from a New York company in a cryptocurrency heist. The alleged perpetrator, Bong Chee Shen (also known as Chang Nam Il), is wanted for this theft and for separate incidents affecting a blockchain research and development company in Atlanta and a company in Serbia.
Shen was hired as the primary engineer working on the company's cryptocurrency wallet system in December 2022. It is alleged that he engineered a vulnerability in the wallet, which enabled him to steal approximately $1.35 million worth of Tether tokens (a stablecoin pegged to the US dollar) between May and August 2024.
To obscure the trail of the stolen funds, Shen reportedly engaged in a complex, multi-layered laundering operation that funneled the stolen funds through multiple blockchain transactions. The laundering activity spanned roughly three months, concluding in November 2024.
The theft was discovered after Shen and two other IT experts—whom he recommended to the company and who also worked on the wallet project—were all fired in May 2024 due to poor performance and communication issues.
Following an FBI investigation, a warrant was issued on April 17, 2025, prompting Tether Limited to seize and freeze the stolen tokens. On July 17, 2025, the FBI took possession of approximately 1,008,902 tether tokens worth about $1,008,564.72, which they currently hold while the U.S. Department of Justice seeks to recover these funds for the victimized company.
Shen, Joshua Charles Palmer, and Chris Yu, the alleged perpetrators, remain at large. It is worth noting that Shen's connection to North Korea's IT apparatus suggests possible broader involvement in state-linked cryptocurrency thefts.
The US Rewards for Justice program is offering $5 million for information that leads to the disruption of the mechanisms used by North Koreans to generate money for their homeland. ID card images for North Korean IT worker aliases Joshua Charles Palmer and Chris Yu have been provided.
The FBI traced Chang's fake Malaysian identity card to a Know Your Customer information check at a virtual currency site where he registered the wallet. Joshua Charles Palmer, one of the men allegedly involved in the New York company raid, presented the company with a Michigan identity card that was issued to a different individual, with the same serial number as the one used by the North Korean imposter. Chris Yu, the other man allegedly involved in the New York company raid, presented the company with a fake Malaysian identity document. This identity is associated with North Korean IT workers, according to the FBI's information.
As the investigation continues, the public is urged to remain vigilant and report any suspicious activities related to cryptocurrency thefts.
- The US Department of Justice, in an effort to enhance crypto security within the finance sector, is seeking the recovery of approximately $1 million stolen in a cryptocurrency heist.
- The FBI, while tracing the stolen funds, found evidence of a complex cybersecurity breach involving a laundering operation that funneled the stolen cryptocurrency through multiple blockchain transactions.
- General-news outlets and crime-and-justice networks are following this case closely due to possible involvement of North Korean IT workers in the alleged cryptocurrency thefts.
- The US Rewards for Justice program has offered $5 million for information leading to the disruption of North Korea's mechanisms for generating funds through cryptocurrency thefts, as the investigation into these incidents continues.
