Arizona TikToker Sentenced for Aiding $17M North Korean IT Worker Scheme

An Arizonan TikTok influencer was handed a lengthy prison sentence on Thursday for helping North Korean operatives fraudulently obtain remote IT jobs at hundreds of U.S. companies, part of a sophisticated scheme to fund the country’s sanctioned weapons program.

Christina Marie Chapman was convicted in the District of Columbia for wire fraud conspiracy, aggravated identity theft, and money laundering conspiracy. 

She was sentenced to 8.5 years in prison, three years of supervised release, and ordered to forfeit more than $284,000 and pay restitution of $176,850.

“The North Korean regime has generated millions of dollars for its nuclear weapons program by victimizing American citizens, businesses, and financial institutions,” said FBI Counterintelligence Assistant Director Roman Rozhavsky in a statement.

“Even an adversary as sophisticated as the North Korean government can’t succeed without the assistance of willing U.S. citizens like Christina Chapman.”

The case is yet another example of North Korea’s covert attempts to infiltrate foreign companies, particularly in the tech and crypto sectors. U.S. authorities say Pyongyang has deployed thousands of skilled IT workers worldwide who use false identities to secure remote jobs and either route earnings back to the regime or enable hackers to attack companies.

Crypto platforms, in particular, have emerged as frequent targets as planting workers is a way for the regime to find weaknesses in security and attack the crypto wallets of a company. According to Chainalysis, North Korean-linked hackers stole $1.34 billion in crypto in 2024 alone, a 21% increase over the previous year. 

Chapman, a freelancer and influencer who had over 100,000 followers on TikTok, was initially approached by North Korean operatives via LinkedIn.

From around 2020, she assisted North Korean efforts by operating a “laptop farm” from her home, hosting computers sent by companies so that IT workers could remotely access them while appearing to be inside the U.S.

Authorities say she also shipped 49 devices to locations overseas, including multiple parcels to a Chinese city near North Korea. More than 90 laptops were seized from her home.

Using stolen or borrowed identities, the North Korean operatives earned millions, with wages sent via direct deposit or forged payroll checks. Chapman helped launder the money through her own accounts, then sent it abroad. The income was falsely reported under the names of real U.S. citizens to the IRS and Social Security Administration.

Over several years, she helped North Korean workers secure jobs at over 300 U.S. firms, including Fortune 500 companies, a major television network, an aerospace manufacturer, and a Silicon Valley tech company.

Three North Koreans charged alongside Chapman remain at large.

North Korean operatives use a variety of deception techniques to obscure their origins, including VPNs, posing as people from other countries, and hiring others to front initial job interviews.

Fraser Edwards, CEO and founder of the UK-based company Cheqd, told Decrypt that the company had experienced several infiltration attempts and had noticed several red flags that pointed to North Korean involvement.

“Our CTO went back and looked at some of the recordings [of interview tests] and when [the ostensibly European candidate was] moving between windows, there were Korean characters on there,” said Edwards. 

“Another red flag was IP addresses always routing through proxies. They were deliberately trying to hide their identities all the way through.”

Edwards and others say North Koreans are now using European actors to handle early-stage interviews or screening calls, making detection harder. Even when caught, they often quickly pivot to new fake identities or job posts.