The United States has hit a North Korean-linked crypto laundering operation in the UAE with new sanctions.
The Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned two Chinese nationals—Lu Huaying and Zhang Jian—along with a UAE-based front company, Green Alpine Trading, LLC, for laundering millions in illicit funds.
The network funneled stolen cryptocurrency back to Pyongyang to bankroll North Korea’s weapons of mass destruction (WMD) and ballistic missile programs.
The operation, masterminded by China-based North Korean agent Sim Hyon Sop, used digital assets to obscure the origin of the money. Sim, previously sanctioned by OFAC, oversaw the schemes, leveraging a complex web of crypto exchanges, money mules, and shell companies.
Crypto cash-outs and the UAE connection
The network’s key players operated primarily out of the United Arab Emirates. Lu Huaying, a Chinese national, allegedly began converting North Korean-obscured cryptocurrency into cash in early 2022.
Between then and September 2023, Lu successfully laundered millions of dollars on behalf of Sim Hyon Sop. The scheme used money mules and crypto-to-fiat conversions to disguise the funds’ origins, allowing the DPRK to purchase goods and services essential for its missile development.
Zhang Jian, another Chinese national based in the UAE, stepped in later. Between late 2022 and early 2023, Zhang facilitated fiat currency exchanges for Sim and allegedly acted as a cash courier. The funds, moved through layers of intermediaries, ultimately financed North Korea’s weapons programs.
Green Alpine Trading, LLC, served as the core of the operation. Registered in the UAE, the front company was integral to the laundering process, providing Sim’s network with the infrastructure to move money seamlessly across borders.
OFAC said Green Alpine attempted to provide “financial, material, and technological support” for North Korea’s illicit operations. The sanctions now freeze all U.S.-linked property and financial assets tied to Lu, Zhang, and Green Alpine Trading.
Any entity controlled 50% or more by the sanctioned individuals or company is also blocked. U.S. citizens and institutions are barred from engaging with the network.
North Korea’s crypto laundering tactics revealed
North Korea’s strategy is simple but effective: steal crypto, launder it, and cash it out through proxies. Digital assets, with their anonymity and decentralized nature, have become critical to the DPRK’s revenue generation.
The regime exploits cybercrime, fraudulent IT work, and stolen funds to bypass international sanctions. Sim Hyon Sop, the architect of the UAE-based operation, represents North Korea’s Korea Kwangson Banking Corp (KKBC).
KKBC is a state-run entity already blacklisted under U.S. and United Nations sanctions for its role in funding the DPRK’s WMD programs. From China, Sim directs these schemes, setting up shell companies and managing bank accounts to obscure the origin of the funds.
The Financial Crimes Enforcement Network (FinCEN) has long pointed to individuals like Sim as key players. They work as agents for state-backed institutions, pulling strings behind the scenes while using intermediaries like Lu and Zhang to handle the dirty work.
By relying on trusted proxies, Sim’s network operates across multiple jurisdictions with minimal direct involvement from Pyongyang.
The scale of North Korea’s crypto operations is staggering. Since 2017, estimates show that Pyongyang has stolen over $3 billion in cryptocurrency. These funds directly finance its ballistic missile and nuclear weapons programs, fueling the regime’s military ambitions while evading traditional banking systems.