The U.S. Federal Bureau of Investigation (FBI) has officially issued a wanted notice for three North Korean nationals suspected of infiltrating global IT and blockchain companies under false employment and stealing cryptocurrency through internal access. The FBI is offering up to $5 million in rewards for information leading to their identification or whereabouts.
The individuals are alleged members of the Lazarus Group, a state-sponsored North Korean hacking organization previously linked to high-profile attacks such as the Axie Infinity and Ronin Network breaches, which resulted in the theft of hundreds of millions of dollars worth of digital assets. This latest move highlights the U.S. government’s increasingly hardline stance on North Korea’s cyber warfare tactics.
According to the FBI, the suspects used falsified résumés and fake identities to pose as developers and secure remote work at blockchain, gaming, and IT firms across the U.S., Europe, and Asia. Once inside, they allegedly stole digital assets or planted spyware and backdoors through malicious files and links sent during the hiring process. The surge in remote work has created vulnerabilities that these hackers exploited with alarming precision.
What sets this case apart is North Korea’s use of job scams as a direct attack vector, not just traditional hacking. By targeting the hiring pipeline itself, rather than technical infrastructure, these attackers have added a new layer of sophistication to cybercrime.
The U.S. Department of State, through its “Rewards for Justice” program, has announced that it will pay up to $5 million for credible tips that help locate or identify these individuals. The reward underscores the U.S. government’s view of these activities as financial terrorism and a threat to global digital infrastructure.
Cybersecurity experts warn that blockchain startups, NFT platforms, and gaming companies—which often rely on freelance or remote developers—are especially vulnerable. They urge companies to strengthen hiring security protocols, such as background checks, code reviews, and tight access control over internal systems.
