Marlon Williams said he was surprised to find hundreds of thousands of dollars missing from his Buckhead-based cryptocurrency startup three years ago.
But the local entrepreneur was even more shocked when the FBI told him his former chief technology officer was actually working on behalf of North Korea’s government to steal from U.S. businesses.
“It’s like I’m living in a James Bond movie,” said Williams, a Roswell man who has been building different cryptocurrency companies for the last decade.
Federal prosecutors in Atlanta said four North Korean nationals used their remote IT positions to funnel nearly $1 million worth of virtual currency from Williams’ blockchain company and another Serbian business.
A federal grand jury indicted the men in late June as part of a broader crackdown on what authorities said is an elaborate yearslong scheme by North Korea’s government to infiltrate U.S. companies and generate money for its weapons programs.
The Justice Department said it has uncovered similar schemes involving remote IT workers at more than 100 businesses across the country, including some Fortune 500 firms.
Now the FBI’s Atlanta office is warning tech companies to increase hiring scrutiny, especially when filling remote IT positions with overseas workers they don’t know.
“North Korea dispatches operatives around the world to obtain remote IT jobs to generate revenue for the North Korean regime,” U.S. Attorney Theodore Hertzberg said at a news conference in Atlanta.
In addition to sending their salaries back to North Korea’s government, Hertzberg said the IT workers use fake or stolen identities to infiltrate companies and eventually steal from them, calling it “a long-con.”
Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju and Chang Nam Il are charged in a five-count wire fraud and money laundering indictment stemming from the thefts from Atlanta- and Serbia-based crypto businesses, federal prosecutors said. None of the four men are in custody.
Williams, the founder of the blockchain research and development company Starter Labs, estimates more than $1 million worth of cryptocurrency was stolen by his former employee.
He said he initially hired Kim as a software developer in late 2020, assigning him relatively minor tasks at first.
“I thought he was a good developer,” said Williams, who knew the man as “Pemba.” “There were no red flags at all.”
The two spoke daily, and as far as Williams knew, his employee was a 30-something IT professional living in Dubai with his girlfriend. He said he had no clue the man was North Korean.
Impressed with the developer’s work ethic, Williams said he eventually promoted him to the position of chief technology officer.
As the startup grew, the CTO was allowed to hire and supervise other developers, Williams said. That apparently led to others in Kim’s circle being involved.
The remote worker was given access to his company’s funding pool and regularly transferred large amounts of virtual currency without issue.
Williams and his employees spoke often about their personal lives and hobbies over video chat. But they never met in person, Williams said, something that’s not uncommon in a field that tends to embrace anonymity and remote work.
“These guys worked for me for nearly two years,” he said. “We were close. I trusted them.”
Then funds began to go missing, Williams said: $30,000 at first and then nearly $750,000. He said his CTO denied taking the funds, but when Williams threatened to go to the FBI, he said, the developers “disappeared into the ether.”
“They slow-played me,” he said. “Now it all makes sense — their approach, their patience. They knew exactly what they were doing.”
Paul Brown, Special Agent in Charge of FBI Atlanta, said the companies were blindsided by North Korean nationals who used phony credentials to land jobs, gain their employers’ trust and ultimately “steal digital assets to fund their regime.”
Brown said federal authorities are seeking to expose such threats and protect U.S. businesses from what he called “nation-state cybercrime.”
The Justice Department said it seized 29 financial accounts and 17 web domains allegedly used to launder funds to North Korea through the remote IT work scheme. Authorities have also searched 29 known or suspected “laptop farms” across 16 states as part of the latest crackdown.
The FBI is offering a reward of up to $5 million for information leading to the identification and arrests of other fraudulent North Korean IT workers accused of stealing money and sensitive proprietary information from U.S. companies.
Williams called the theft a major blow to his business, but said his company has since recovered. Going forward, however, he said he only wants to hire people he knows — preferably those based in Atlanta.
He also takes some solace in knowing he wasn’t the only one bamboozled.
“It wasn’t just me,” he said. “I was actually just a victim of this covert operation.”