Court Grants US Forfeiture of $16M in Crypto Stolen by North Korean Hackers

On Wednesday, March 11, 2026, the United States District Court for the District of Columbia granted a default judgment in a civil forfeiture case, ordering the forfeiture of approximately 2204.7622 SOL cryptocurrency to the U.S. government. The cryptocurrency was stolen by North Korean hackers, identified as part of the Lazarus Group, from Rain Management W.L.L. on April 29, 2024, totaling $16.13 million.

The hackers infiltrated Rain Management’s systems through a sophisticated LinkedIn job scam. They sent a malicious coding challenge that compromised an employee’s device, leading to unauthorized transactions on the Solana blockchain. The FBI subsequently seized approximately 2210.8222 SOL from the WhiteBIT exchange in Lithuania, linked to the theft.

The court determined that the unauthorized blockchain transactions constituted “damage” to protected computers under U.S. law, specifically referencing Section 1030, which addresses computer fraud. The Solana blockchain operates on computers globally, including those within Washington D.C., further establishing jurisdiction.

The ruling stated that the government met the required burden of proof for a default judgment by presenting sufficient evidence to support a reasonable belief that the cryptocurrency was subject to forfeiture. The court also noted that even if only foreign computers were involved, the statute covers computers affecting U.S. interstate or foreign commerce.

The government provided proper notice under Supplemental Rule G(4), but no claimants appeared to contest the forfeiture. As a result, the court ordered the cryptocurrency forfeited to the United States, with title vesting solely in the government. The property will be disposed of according to the law, and the case was dismissed as a final appealable order.

Please contact BlockTribune for access to a copy of this filing.