Audit log

Every state-changing event for Cheil Credit Bank: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-06-03 00:08:02Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 423,915,064

   sig

   C5wCkr5LgYBn…tWZaYfcNcopyexplorer ↗

   hash

   GAZLtZUiyc2M…dz1V3ajTcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (28622 B) ▸

   {"actor":"system:backfill","investigation_id":"55d62636-4157-4069-bb32-0dac10179f21","kind":"publish","page_slug":"cheil-credit-bank","published_at":"2026-06-03T00:08:01.951Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Cheil Credit Bank","sections":[{"content":"Cheil Credit Bank is listed on the U.S. Treasury OFAC Specially Designated Nationals (SDN) list under the DPRK4 North Korea sanctions program. The bank was first designated on September 26, 2017, pursuant to Section 1(a)(i) of Executive Order 13810, which President Trump issued in response to North Korea's September 2017 nuclear test and ballistic missile tests. The designation blocked all property and interests in property of the bank subject to U.S. jurisdiction, and imposed secondary sanctions risk on non-U.S. persons transacting with it under North Korea Sanctions Regulations Section 510.214. Japan followed with its own designation on November 7, 2017, and Australia added Cheil Credit Bank to its DPRK Sanctions Regime beginning December 1, 2023. On November 4, 2025, OFAC substantially expanded the SDN record by appending 53 cryptocurrency addresses — primarily USDT (TRC-20) addresses on the Tron blockchain — to the bank's listing, marking the largest single crypto-address expansion for any DPRK-designated financial entity. The Federal Register published formal notice of this action on November 17, 2025.","heading":"OFAC Sanctions Status","severity":"critical","sources":[{"credibility":1,"name":"OFAC SDN Details — Cheil Credit Bank (ID 22985)","type":"regulatory","url":"https://sanctionssearch.ofac.treas.gov/Details.aspx?id=22985"},{"credibility":1,"name":"OFAC Recent Action — November 4, 2025","type":"regulatory","url":"https://ofac.treasury.gov/recent-actions/20251104"},{"credibility":1,"name":"Federal Register — Notice of OFAC Sanctions Action, Nov 17, 2025","type":"regulatory","url":"https://www.federalregister.gov/documents/2025/11/17/2025-19924/notice-of-ofac-sanctions-action"},{"credibility":1,"name":"OFAC North Korea Designations — September 26, 2017","type":"regulatory","url":"https://ofac.treasury.gov/recent-actions/20170926_33"},{"credibility":2,"name":"OpenSanctions — Cheil Credit Bank entity record","type":"other","url":"https://www.opensanctions.org/entities/NK-6EKRRzybwoAuPWKmX2zRnr/"}]},{"content":"Cheil Credit Bank (SWIFT/BIC: KYCBKPPY) operates under aliases including First Credit Bank and First Trust Bank Corporation, and was formerly known as Kyongyong Credit Bank. Its primary registered address is 3-18 Pyongyang Information Center, Potonggang District, Pyongyang, North Korea. The bank maintained representative offices in Beijing, Shenyang, and Shanghai, China, which served as conduits to international financial markets. According to 38 North's 2016 and 2017 surveys of DPRK financial institutions, the bank had authorized capital of approximately $14 million and is believed to be affiliated with the Workers' Party of Korea. Historical records indicate the bank may have managed a merger between Sintak Euhaeng (an investment trust bank) and Korea Joint Venture Bank. Its SWIFT code KYCBKPPY (Kyongyong Credit Bank Pyongyang) reflects its former name. The bank's overseas representative network in China enabled it to interface with correspondent banking and digital asset markets beyond North Korean borders, a structural feature consistent with the broader DPRK sanctions-evasion architecture.","heading":"Institutional Background","severity":"critical","sources":[{"credibility":1,"name":"OFAC SDN Details — Cheil Credit Bank (ID 22985)","type":"regulatory","url":"https://sanctionssearch.ofac.treas.gov/Details.aspx?id=22985"},{"credibility":2,"name":"OpenSanctions — Cheil Credit Bank entity record","type":"other","url":"https://www.opensanctions.org/entities/NK-6EKRRzybwoAuPWKmX2zRnr/"},{"credibility":2,"name":"38 North — Pyongyang Financial Institutions (2017 update)","type":"research","url":"https://www.38north.org/wp-content/uploads/pdf/DPRK-Financial-Org_Upd-2017-1011.pdf"}]},{"content":"The 53 cryptocurrency addresses added to Cheil Credit Bank's SDN listing on November 4, 2025 are predominantly USDT (Tether, TRC-20) addresses on the Tron blockchain. According to on-chain analysis by TRM Labs and Elliptic, the collective inbound flows to these wallets exceeded $12.7 million in USDT between June 2023 and May 2025. At the time of designation, the total combined balance across the 53 addresses was approximately $5.4 million. Of the 53 designated addresses, 26 had already been blocklisted by Tether prior to the OFAC action, representing funds frozen during a large-scale Tether blocklisting operation in late April and May 2025. Inbound flow patterns — specifically consistent, regular payment amounts from multiple major centralized exchange hot wallets — are described by TRM Labs as resembling salary disbursements, consistent with DPRK IT workers employed abroad under false identities routing earnings back to Pyongyang. The addresses also show exposure to Huione Pay and Huione Guarantee (designated under Section 311 of the U.S. Patriot Act as primary money laundering concerns), as well as Xinbi Guarantee and Tudou Guarantee, platforms identified by blockchain analytics firms as facilitating large-scale illicit fund flows. Two bank employees, Jang Kuk Chol and Ho Jong Son, were simultaneously designated by OFAC for managing approximately $5.3 million in cryptocurrency on behalf of the bank; a portion of these funds was linked to a DPRK ransomware actor known to have targeted U.S. victims.","heading":"Cryptocurrency Addresses and Financial Flows","severity":"critical","sources":[{"credibility":2,"name":"Elliptic — OFAC lists 53 crypto addresses of sanctioned North Korean Cheil Credit Bank","type":"research","url":"https://www.elliptic.co/blog/ofac-lists-53-crypto-addresses-of-sanctioned-north-korean-cheil-credit-bank"},{"credibility":2,"name":"TRM Labs — US Treasury Sanctions DPRK Bankers and Front Companies","type":"research","url":"https://www.trmlabs.com/resources/blog/us-treasury-sanctions-dprk-bankers-and-front-companies-laundering-proceeds-from-cybercrime-and-it-worker-operations"},{"credibility":2,"name":"The Hacker News — U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud","type":"news_article","url":"https://thehackernews.com/2025/11/us-sanctions-10-north-korean-entities.html"},{"credibility":1,"name":"OFAC SDN Details — Cheil Credit Bank (ID 22985)","type":"regulatory","url":"https://sanctionssearch.ofac.treas.gov/Details.aspx?id=22985"}]},{"content":"The cryptocurrency addresses attributed to Cheil Credit Bank are described by TRM Labs as displaying inbound payment patterns consistent with DPRK overseas IT worker salary disbursements. North Korean IT workers — operating under fabricated identities using stolen documents, VPNs, and AI-generated profiles — seek employment with Western and global technology companies, typically posing as freelancers from Canada, Japan, China, Eastern Europe, or the United States. Once hired, these workers receive salaries, often in stablecoins such as USDT or USDC, which are then routed back to DPRK-controlled financial infrastructure. Korea Mangyongdae Computer Technology Company (KMCTC), designated alongside Cheil Credit Bank on November 4, 2025, operated IT worker delegations from Chinese cities including Shenyang and Dandong, and used Chinese nationals as banking intermediaries to obscure the origin of the funds. OFAC estimated the IT worker scheme generated nearly $800 million in 2024 alone across the broader DPRK program. The U.S. Department of State's concurrent statement described the Cheil Credit Bank network as part of the DPRK's 'vast network of internationally located representatives of DPRK financial institutions who provide access to international markets and financial systems' to launder fraudulent IT work revenue and digital asset heists in support of WMD and ballistic missile programs.","heading":"DPRK IT Worker Revenue Pipeline","severity":"critical","sources":[{"credibility":2,"name":"TRM Labs — US Treasury Sanctions DPRK Bankers and Front Companies","type":"research","url":"https://www.trmlabs.com/resources/blog/us-treasury-sanctions-dprk-bankers-and-front-companies-laundering-proceeds-from-cybercrime-and-it-worker-operations"},{"credibility":2,"name":"Chainalysis — DPRK IT Workers: North Korea Crypto Laundering Networks","type":"research","url":"https://www.chainalysis.com/blog/dprk-it-workers-north-korea-crypto-laundering-networks/"},{"credibility":1,"name":"U.S. Department of State — Disrupting Illicit DPRK Bankers and Institutions Laundering Cybercrime and IT Worker Funds","type":"regulatory","url":"https://www.state.gov/releases/office-of-the-spokesperson/2025/11/disrupting-illicit-dprk-bankers-and-institutions-laundering-cybercrime-and-it-worker-funds"},{"credibility":2,"name":"The Hacker News — U.S. Treasury Sanctions DPRK IT-Worker Scheme","type":"news_article","url":"https://thehackernews.com/2025/08/us-treasury-sanctions-dprk-it-worker.html"}]},{"content":"Two North Korean nationals were designated by OFAC simultaneously with the November 2025 cryptocurrency address expansion: Jang Kuk Chol and Ho Jong Son. Both are described in U.S. Treasury and State Department materials as managing funds, including approximately $5.3 million in cryptocurrency, on behalf of Cheil Credit Bank (referred to in U.S. official documents as First Credit Bank). A portion of these funds was identified as proceeds from DPRK ransomware operations targeting U.S. victims, and from IT worker revenue operations. The broader November 4, 2025 designation action also included Ho Yong Chol, Han Hong Gil, Jong Sung Hyok, Choe Chun Pom, and Ri Jin Hyok — representatives of Koryo Commercial Bank, Ryugyong Commercial Bank, the Foreign Trade Bank, and the Central Bank of the DPRK — operating across Russian and Chinese financial institutions. U Yong Su, president of Korea Mangyongdae Computer Technology Company, was also designated for directing overseas IT worker delegations that funneled revenue through Cheil Credit Bank and related infrastructure.","heading":"Designated Individuals","severity":"critical","sources":[{"credibility":2,"name":"CoinDesk — U.S. Sanctions North Korean Bankers Over Crypto Laundering Tied to Cyberattacks","type":"news_article","url":"https://www.coindesk.com/business/2025/11/04/u-s-sanctions-north-korean-bankers-over-crypto-laundering-tied-to-cyberattacks"},{"credibility":2,"name":"TRM Labs — US Treasury Sanctions DPRK Bankers and Front Companies","type":"research","url":"https://www.trmlabs.com/resources/blog/us-treasury-sanctions-dprk-bankers-and-front-companies-laundering-proceeds-from-cybercrime-and-it-worker-operations"},{"credibility":2,"name":"The Hacker News — U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud","type":"news_article","url":"https://thehackernews.com/2025/11/us-sanctions-10-north-korean-entities.html"},{"credibility":1,"name":"U.S. Treasury Press Release sb0302 — Treasury Sanctions DPRK Bankers and Institutions","type":"regulatory","url":"https://home.treasury.gov/news/press-releases/sb0302"}]},{"content":"Cheil Credit Bank operates within a broader ecosystem of DPRK state-directed cybercrime. According to U.S. Treasury statements, DPRK cyber actors have stolen more than $3 billion in cryptocurrency over a three-year period ending 2025, with Elliptic estimating North Korea-linked actors stole more than $2 billion in 2025 alone — a 51% year-over-year increase. The February 2025 Bybit exchange hack, attributed by the FBI to Lazarus Group (also known as TraderTraitor and APT38), resulted in the theft of approximately $1.5 billion in cryptocurrency, making it the single largest crypto heist on record. Chainalysis reported DPRK attacks in 2025 accounted for 76% of all crypto service compromises by value, achieved with 74% fewer known attack incidents than prior years — indicating increasingly targeted, high-yield operations. Cheil Credit Bank's cryptocurrency infrastructure represents the cashout and remittance layer of this broader theft ecosystem: funds stolen or earned by DPRK-linked actors are funneled through guarantee platforms (Huione, Xinbi, Tudou), through the bank's USDT wallets, and ultimately to the North Korean regime. The U.S. Treasury and UN reports document that these funds finance North Korea's nuclear weapons and ballistic missile programs.","heading":"Broader DPRK Cybercrime Context","severity":"critical","sources":[{"credibility":2,"name":"Chainalysis — 2025 Crypto Theft Reaches $3.4 Billion","type":"research","url":"https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2026/"},{"credibility":2,"name":"Elliptic — North Korea-linked hackers have already stolen over $2 billion in 2025","type":"research","url":"https://www.elliptic.co/blog/north-korea-linked-hackers-have-already-stolen-over-2-billion-in-2025"},{"credibility":2,"name":"TRM Labs — The Bybit Hack: Following North Korea's Largest Exploit","type":"research","url":"https://www.trmlabs.com/resources/blog/the-bybit-hack-following-north-koreas-largest-exploit"},{"credibility":1,"name":"NBC News — North Korea stole billions in crypto in 2025, new research says","type":"news_article","url":"https://www.nbcnews.com/tech/crypto/north-korea-stole-billions-crypto-2025-new-research-says-rcna249738"},{"credibility":2,"name":"The Record — Over $3.4 billion in crypto stolen throughout 2025, with North Korea again the top culprit","type":"news_article","url":"https://therecord.media/over-3-billion-crypto-stolen-2025-north-korea"}]},{"content":"Elliptic's on-chain analysis of the 53 designated Cheil Credit Bank addresses identified exposure to multiple illicit finance platforms. Huione Pay and Huione Guarantee — designated by FinCEN in May 2025 as primary money laundering concerns under Section 311 of the U.S. Patriot Act — processed at least $37.6 million in digital assets following DPRK-attributed heists. Xinbi Guarantee, a Chinese-language Telegram-based escrow and money laundering platform that processed over $19.9 billion in on-chain volume between 2021 and 2025, also appears in the exposure chain, as does Tudou Guarantee, which absorbed traffic from Huione and Xinbi after Telegram banned those channels in mid-2025. The flow of funds from Cheil Bank addresses through these guarantee platforms is consistent with standard DPRK layering techniques: stolen or IT-worker-earned stablecoins move through OTC exchanges and guarantee group vendors to obscure origin before reaching the DPRK treasury. The Tether blocklisting of 26 of the 53 addresses in April–May 2025 — prior to OFAC's formal designation — indicates that commercial compliance mechanisms identified the addresses as high-risk before U.S. government action was taken.","heading":"Connections to Illicit Finance Platforms","severity":"critical","sources":[{"credibility":2,"name":"Elliptic — OFAC lists 53 crypto addresses of sanctioned North Korean Cheil Credit Bank","type":"research","url":"https://www.elliptic.co/blog/ofac-lists-53-crypto-addresses-of-sanctioned-north-korean-cheil-credit-bank"},{"credibility":2,"name":"Money Laundering Watch — FinCEN Bars Huione Group from Financial System","type":"news_article","url":"https://www.moneylaunderingnews.com/2025/10/fincen-bars-huione-group-from-financial-system/"},{"credibility":2,"name":"Chainalysis — Xinbi Designation: Chinese Scam Infrastructure","type":"research","url":"https://www.chainalysis.com/blog/xinbi-designation-chinese-language-crypto-scam-infrastructure/"},{"credibility":2,"name":"TRM Labs — Huione Guarantee and Xinbi Still Operating on Telegram Despite Ban","type":"research","url":"https://www.trmlabs.com/resources/blog/huione-guarantee-and-xinbi-still-operating-on-telegram-despite-ban-underscoring-illicit-actors-persistence"}]},{"content":"Any individual or entity that engages in a transaction with Cheil Credit Bank or any of its 53 designated cryptocurrency addresses is exposed to OFAC secondary sanctions risk under the North Korea Sanctions Regulations. U.S. persons are categorically prohibited from transacting with the bank. Non-U.S. persons face secondary designation risk. Exchanges and stablecoin issuers holding or processing funds traceable to the designated addresses face regulatory exposure under both U.S. and international sanctions frameworks. Tether's proactive blocklisting of 26 of the 53 addresses prior to the OFAC designation demonstrates that commercial compliance infrastructure can precede formal regulatory action. Blockchain analytics providers including TRM Labs, Elliptic, and Chainalysis have all published technical attribution linking the designated addresses to the bank. All 53 Tron-network USDT addresses remain on the OFAC SDN list as of the date of this investigation. Secondary sanctions exposure applies across multiple jurisdictions: U.S. (OFAC), Japan (Ministry of Finance), and Australia (DPRK Sanctions Regime).","heading":"Compliance and Counterparty Risk","severity":"critical","sources":[{"credibility":1,"name":"OFAC SDN Details — Cheil Credit Bank (ID 22985)","type":"regulatory","url":"https://sanctionssearch.ofac.treas.gov/Details.aspx?id=22985"},{"credibility":2,"name":"TRM Labs — US Treasury Sanctions DPRK Bankers and Front Companies","type":"research","url":"https://www.trmlabs.com/resources/blog/us-treasury-sanctions-dprk-bankers-and-front-companies-laundering-proceeds-from-cybercrime-and-it-worker-operations"},{"credibility":2,"name":"OpenSanctions — Cheil Credit Bank entity record","type":"other","url":"https://www.opensanctions.org/entities/NK-6EKRRzybwoAuPWKmX2zRnr/"}]}],"sources_used":[{"credibility":1,"name":"OFAC SDN Details — Cheil Credit Bank (ID 22985)","type":"regulatory","url":"https://sanctionssearch.ofac.treas.gov/Details.aspx?id=22985"},{"credibility":1,"name":"OFAC Recent Action — November 4, 2025","type":"regulatory","url":"https://ofac.treasury.gov/recent-actions/20251104"},{"credibility":1,"name":"Federal Register — Notice of OFAC Sanctions Action, Nov 17, 2025","type":"regulatory","url":"https://www.federalregister.gov/documents/2025/11/17/2025-19924/notice-of-ofac-sanctions-action"},{"credibility":1,"name":"OFAC North Korea Designations — September 26, 2017","type":"regulatory","url":"https://ofac.treasury.gov/recent-actions/20170926_33"},{"credibility":1,"name":"U.S. Treasury Press Release sb0302 — Treasury Sanctions DPRK Bankers and Institutions","type":"regulatory","url":"https://home.treasury.gov/news/press-releases/sb0302"},{"credibility":1,"name":"U.S. Department of State — Disrupting Illicit DPRK Bankers and Institutions","type":"regulatory","url":"https://www.state.gov/releases/office-of-the-spokesperson/2025/11/disrupting-illicit-dprk-bankers-and-institutions-laundering-cybercrime-and-it-worker-funds"},{"credibility":2,"name":"Elliptic — OFAC lists 53 crypto addresses of sanctioned North Korean Cheil Credit Bank","type":"research","url":"https://www.elliptic.co/blog/ofac-lists-53-crypto-addresses-of-sanctioned-north-korean-cheil-credit-bank"},{"credibility":2,"name":"TRM Labs — US Treasury Sanctions DPRK Bankers and Front Companies","type":"research","url":"https://www.trmlabs.com/resources/blog/us-treasury-sanctions-dprk-bankers-and-front-companies-laundering-proceeds-from-cybercrime-and-it-worker-operations"},{"credibility":2,"name":"CoinDesk — U.S. Sanctions North Korean Bankers Over Crypto Laundering Tied to Cyberattacks","type":"news_article","url":"https://www.coindesk.com/business/2025/11/04/u-s-sanctions-north-korean-bankers-over-crypto-laundering-tied-to-cyberattacks"},{"credibility":2,"name":"The Hacker News — U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud","type":"news_article","url":"https://thehackernews.com/2025/11/us-sanctions-10-north-korean-entities.html"},{"credibility":2,"name":"Chainalysis — DPRK IT Workers: North Korea Crypto Laundering Networks","type":"research","url":"https://www.chainalysis.com/blog/dprk-it-workers-north-korea-crypto-laundering-networks/"},{"credibility":2,"name":"Chainalysis — 2025 Crypto Theft Reaches $3.4 Billion","type":"research","url":"https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2026/"},{"credibility":2,"name":"Elliptic — North Korea-linked hackers have already stolen over $2 billion in 2025","type":"research","url":"https://www.elliptic.co/blog/north-korea-linked-hackers-have-already-stolen-over-2-billion-in-2025"},{"credibility":2,"name":"TRM Labs — The Bybit Hack: Following North Korea's Largest Exploit","type":"research","url":"https://www.trmlabs.com/resources/blog/the-bybit-hack-following-north-koreas-largest-exploit"},{"credibility":1,"name":"NBC News — North Korea stole billions in crypto in 2025, new research says","type":"news_article","url":"https://www.nbcnews.com/tech/crypto/north-korea-stole-billions-crypto-2025-new-research-says-rcna249738"},{"credibility":2,"name":"The Record — Over $3.4 billion in crypto stolen throughout 2025, with North Korea again the top culprit","type":"news_article","url":"https://therecord.media/over-3-billion-crypto-stolen-2025-north-korea"},{"credibility":2,"name":"OpenSanctions — Cheil Credit Bank entity record","type":"other","url":"https://www.opensanctions.org/entities/NK-6EKRRzybwoAuPWKmX2zRnr/"},{"credibility":2,"name":"Chainalysis — Xinbi Designation: Chinese Scam Infrastructure","type":"research","url":"https://www.chainalysis.com/blog/xinbi-designation-chinese-language-crypto-scam-infrastructure/"},{"credibility":2,"name":"Money Laundering Watch — FinCEN Bars Huione Group from Financial System","type":"news_article","url":"https://www.moneylaunderingnews.com/2025/10/fincen-bars-huione-group-from-financial-system/"},{"credibility":2,"name":"38 North — Pyongyang Financial Institutions (2017 update)","type":"research","url":"https://www.38north.org/wp-content/uploads/pdf/DPRK-Financial-Org_Upd-2017-1011.pdf"},{"credibility":3,"name":"SlowMist — U.S. Sanctions North Korea's Crypto Laundering Network","type":"research","url":"https://slowmist.medium.com/u-s-sanctions-north-koreas-crypto-laundering-network-multiple-bank-staff-and-financial-d78de50e6404"},{"credibility":2,"name":"Finance Magnates — U.S. Sanctions North Korean Bankers, Firms Over Crypto Laundering Tied to Weapons Funding","type":"news_article","url":"https://www.financemagnates.com/cryptocurrency/us-sanctions-north-korean-bankers-firms-over-crypto-laundering-tied-to-weapons-funding/"},{"credibility":2,"name":"DL News — US sanctions North Korean bankers tied to $3bn crypto theft network","type":"news_article","url":"https://www.dlnews.com/articles/defi/us-sanctions-north-korean-bankers-tied-to-crypto-theft/"}],"summary":"Cheil Credit Bank, also known as First Credit Bank and formerly as Kyongyong Credit Bank, is a North Korean state-controlled financial institution headquartered in Pyongyang with representative offices in Beijing, Shenyang, and Shanghai. First designated by OFAC in September 2017 under Executive Order 13810 for operating in North Korea's financial services sector, the bank was dramatically re-expanded on November 4, 2025, when OFAC added 53 cryptocurrency addresses to its Specially Designated Nationals listing, linking it to over $12.7 million in USDT-TRC20 flows between June 2023 and May 2025 — funds attributed primarily to DPRK overseas IT workers and cybercrime proceeds destined for the regime's weapons programs.","timeline":[{"date":"2017-09-21","event":"President Trump signs Executive Order 13810, authorizing broad sanctions against North Korea's financial sector following DPRK's sixth nuclear test on September 3, 2017.","source":"U.S. Treasury / Federal Register","source_url":"https://ofac.treasury.gov/recent-actions/20170926_33"},{"date":"2017-09-26","event":"OFAC designates Cheil Credit Bank (First Credit Bank) to the SDN list under E.O. 13810 for operating in North Korea's financial services sector. Bank is assigned SDN ID 22985 and DPRK4 program code.","source":"OFAC Recent Actions","source_url":"https://ofac.treasury.gov/recent-actions/20170926_33"},{"date":"2017-11-07","event":"Japan's Ministry of Finance independently designates Cheil Credit Bank under its own DPRK sanctions regime.","source":"OpenSanctions — Cheil Credit Bank entity record","source_url":"https://www.opensanctions.org/entities/NK-6EKRRzybwoAuPWKmX2zRnr/"},{"date":"2023-06-01","event":"Approximate start of the period during which OFAC-designated Cheil Credit Bank cryptocurrency addresses began receiving USDT inflows consistent with IT worker salary disbursements. Activity would continue through May 2025.","source":"TRM Labs — US Treasury Sanctions DPRK Bankers","source_url":"https://www.trmlabs.com/resources/blog/us-treasury-sanctions-dprk-bankers-and-front-companies-laundering-proceeds-from-cybercrime-and-it-worker-operations"},{"date":"2023-12-01","event":"Australia designates Cheil Credit Bank under its DPRK Sanctions Regime.","source":"OpenSanctions — Cheil Credit Bank entity record","source_url":"https://www.opensanctions.org/entities/NK-6EKRRzybwoAuPWKmX2zRnr/"},{"date":"2025-02-21","event":"North Korea's Lazarus Group hacks Bybit exchange for approximately $1.5 billion in cryptocurrency, the largest crypto heist in history. FBI confirms attribution to TraderTraitor/APT38. Funds are laundered through thousands of wallets and cross-chain bridges.","source":"TRM Labs — The Bybit Hack","source_url":"https://www.trmlabs.com/resources/blog/the-bybit-hack-following-north-koreas-largest-exploit"},{"date":"2025-04-01","event":"Approximate start of Tether's proactive blocklisting operation targeting DPRK-linked addresses. 26 of the 53 Cheil Credit Bank cryptocurrency addresses are blocklisted by Tether in April–May 2025, freezing a portion of the active balances.","source":"Elliptic — OFAC lists 53 crypto addresses of sanctioned North Korean Cheil Credit Bank","source_url":"https://www.elliptic.co/blog/ofac-lists-53-crypto-addresses-of-sanctioned-north-korean-cheil-credit-bank"},{"date":"2025-05-01","event":"FinCEN designates Huione Group as a primary money laundering concern under Section 311 of the U.S. Patriot Act. Cheil Credit Bank cryptocurrency addresses show on-chain exposure to Huione Pay and Huione Guarantee.","source":"Money Laundering Watch — FinCEN Bars Huione Group","source_url":"https://www.moneylaunderingnews.com/2025/10/fincen-bars-huione-group-from-financial-system/"},{"date":"2025-11-04","event":"OFAC adds 53 cryptocurrency addresses (primarily USDT TRC-20 on the Tron blockchain) to Cheil Credit Bank's SDN listing. Simultaneously designates bank employees Jang Kuk Chol and Ho Jong Son for managing approximately $5.3 million in cryptocurrency on the bank's behalf. Korea Mangyongdae Computer Technology Company, Ryujong Credit Bank, and five additional DPRK banking representatives are designated in the same action. Collective inbound flows to the 53 wallets totaled over $12.7 million (June 2023 to May 2025). Balance at time of designation: approximately $5.4 million.","source":"OFAC Recent Actions — November 4, 2025","source_url":"https://ofac.treasury.gov/recent-actions/20251104"},{"date":"2025-11-04","event":"U.S. Department of State issues concurrent statement describing Cheil Credit Bank's cryptocurrency network as part of the DPRK's sanctions-evasion architecture funding WMD and ballistic missile programs.","source":"U.S. Department of State — Disrupting Illicit DPRK Bankers","source_url":"https://www.state.gov/releases/office-of-the-spokesperson/2025/11/disrupting-illicit-dprk-bankers-and-institutions-laundering-cybercrime-and-it-worker-funds"},{"date":"2025-11-17","event":"Federal Register publishes formal notice of the November 4, 2025 OFAC sanctions action adding 53 cryptocurrency addresses to Cheil Credit Bank's SDN record.","source":"Federal Register — Notice of OFAC Sanctions Action","source_url":"https://www.federalregister.gov/documents/2025/11/17/2025-19924/notice-of-ofac-sanctions-action"},{"date":"2025-12-01","event":"Chainalysis and Elliptic year-end reporting places total DPRK cryptocurrency theft in 2025 at approximately $2.02 billion — a record annual figure — out of $3.4 billion stolen across all actors globally. DPRK attacks account for 76% of all crypto service compromises by value.","source":"Chainalysis — 2025 Crypto Theft Reaches $3.4 Billion","source_url":"https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2026/"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision c081dba1-47c0-4752-968c-b68f32edf086copy