An endgame was not immediately in sight. Senate Majority Leader John Thune of South Dakota is working for a last-minute agreement between those in his party worried the bill’s reductions to Medicaid will leave millions without care and his most conservative flank, which wants even steeper cuts to hold down deficits ballooning with the tax cuts.

Thune declared at one point they were in the “homestretch” as he dashed through the halls at the Capitol, only to backtrack a short time later, suggesting any progress was “elusive.”

At the same time House Speaker Mike Johnson has signaled more potential problems ahead, warning the Senate package could run into trouble when it is sent back to the House for a final round of voting, as skeptical lawmakers are being called back to Washington ahead of Trump’s Fourth of July deadline.

“I have prevailed upon my Senate colleagues to please, please, please keep it as close to the House product as possible,” said Johnson, the Louisiana Republican. House Republicans had already passed their version last month.

It’s a pivotal moment for the Republicans, who have control of Congress and are racing to wrap up work with just days to go before Trump’s holiday deadline Friday. The 940-page “One Big Beautiful Bill Act,” as it’s formally titled, has consumed Congress as its shared priority with the president.

In a midnight social media post urging them on, Trump called the bill “perhaps the greatest and most important of its kind.” Vice President JD Vance summed up his own series of posts, simply imploring senators to “Pass the bill.”

The GOP leaders have no room to spare, with narrow majorities in both chambers. Thune can lose no more than three Republican senators, and already two — Sen. Thom Tillis of North Carolina, who warns people will lose access to Medicaid health care, and Sen. Rand Paul of Kentucky, who opposes raising the debt limit — have indicated opposition. Tillis abruptly announced over the weekend he would not seek reelection after Trump threatened to campaign against him.

Attention quickly turned to key senators, Lisa Murkowski of Alaska and Susan Collins of Maine, who have also raised concerns about health care cuts, but also a loose coalition of four conservative GOP senators pushing for even steeper reductions.

And on social media, billionaire Elon Musk was again lashing out at Republicans as “the PORKY PIG PARTY!!” for including a provision that would raise the nation’s debt limit by $5 trillion, which is needed to allow continued borrowing to pay the bills.

Senate Democratic Leader Chuck Schumer of New York said his side was working to show “how awful this is.”

“Republicans are in shambles because they know the bill is so unpopular,” Schumer said as he walked the halls.

A new analysis from the nonpartisan Congressional Budget Office found 11.8 million more Americans would become uninsured by 2034 if the bill became law. The CBO said the package would increase the deficit by nearly $3.3 trillion over the decade.

Senators to watch

Few Republicans appear fully satisfied as the final package emerges, in either the House or Senate.

Tillis said it is a betrayal of the president’s promises not to kick people off health care, especially if rural hospitals close.

Collins had proposed bolstering the $25 billion proposed rural hospital fund to $50 billion, but her amendment failed. And Murkowski was trying to secure provisions to spare people in her state from some health care and food stamp cuts while also working to beef up federal reimbursements to Alaska’s hospitals. They have not said how they would vote for the final package.

“Radio silence,” Murkowski said when asked.

At the same time, conservative Senate Republicans proposing steeper health care cuts, including Rick Scott of Florida, Mike Lee of Utah, Ron Johnson of Wisconsin and Cynthia Lummis of Wyoming, filed into Thune’s office for a near-midnight meeting.

The Senate has spent some 18 hours churning through more than two dozen amendments in what is called a vote-a-rama, a typically laborious process that went on longer than usual as negotiations happen on and off the chamber floor. The White House legislative team also was at the Capitol.

A few of the amendments — to strike parts of the bill that would limit Medicaid funds to rural hospitals or shift the costs of food stamp benefits to the states — were winning support from a few Republicans, though almost none were passing.

Sen. Mike Crapo, the GOP chairman of the Finance Committee, dismissed the dire predictions of health care cuts as Democrats trafficking in what he called the “politics of fear.”

What’s in the big bill

All told, the Senate bill includes $4.5 trillion in tax cuts, according to the latest CBO analysis, making permanent Trump’s 2017 rates, which would expire at the end of the year if Congress fails to act, while adding the new ones he campaigned on, including no taxes on tips.

The Senate package would roll back billions of dollars in green energy tax credits, which Democrats warn will wipe out wind and solar investments nationwide. It would impose $1.2 trillion in cuts, largely to Medicaid and food stamps, by imposing work requirements on able-bodied people, including some parents and older Americans, making sign-up eligibility more stringent and changing federal reimbursements to states.

Additionally, the bill would provide a $350 billion infusion for border and national security, including for deportations, some of it paid for with new fees charged to immigrants.

Democrats fighting all day and night

Unable to stop the march toward passage, the Democrats as the minority party in Congress are using the tools at their disposal to delay and drag out the process.

Democrats forced a full reading of the text, which took 16 hours, and they have a stream of amendments.

Sen. Patty Murray of Washington, the ranking Democrat on the Appropriations Committee, raised particular concern at the start of debate late Sunday about the accounting method being used by the Republicans, which says the tax breaks from Trump’s first term are now “current policy” and the cost of extending them should not be counted toward deficits.

She said that kind of “magic math” won’t fly with Americans trying to balance their own household books.

At first, everything appears to be in order. But it’s not.

I’ve uncovered multiple examples of how AI-generated music released by – oh yes – fake artists is rapidly growing in popularity on music streaming services.

I’ll focus on Spotify – mainly because of the transparency it offers when it comes to listening data.

Yet music from all of the artists named below is available on a range of streaming services, including Apple Music, Amazon Music, YouTube Music, and more.

Aven-this… cannot be real

Outlaw country artist Aventhis is verified on Spotify – where just over a million (1.072M) listeners absorb his work each month.

He’s even popular enough to have one of those official Spotify-generated ‘THIS IS… Aventhis’ playlists under his name.

And his music? It’s gaining traction, with the blues-soaked, 2025-released Mercy On My Grave racking up more than 2 million plays.

You already know what comes next, but that doesn’t make writing it feel any less depressing.

Aventhis isn’t real. Neither is his voice. He, and it, are both AI-generated.

Aventhis is not an outlaw of any kind. He’s a bot.

I know this for sure because, to verify it, I deployed some sophisticated decoding technologies. Namely: a human being’s eyes, brain, and fingers. Plus the internet.

Three months ago, over on YouTube, under one of Aventhis’ videos, a commentator outright asked what role AI has played in the artist’s music.

The anonymous owner of Aventhis’ channel replied: “[The] voice and image is created with the help of AI. The lyrics are written by me.”

I’d wager that, in this case, ‘me’ is really David Vieira – the man credited as the songwriter and producer behind Aventhis’ songs on Spotify (see below).

I’d also wager that, to create Aventhis’ music, Vieira probably used one of Udio and Suno – the two best-known generative AI music platforms,  which both enable users to input their own lyrics for created songs.

Aventhis was recently recommended to me by Spotify via an algorithmic playlist.

So far, ‘he’ has released three albums of songs on Spotify and other streaming services: Dark Country Vol.1, Dark Country Vol.2, and Dark Country Vol.3.

All three have arrived in the past four months – 57 tracks in total.

The Devil’s in the detail

Once I started listening to Aventhis, Spotify soon recommended another AI artist, also in the ‘outlaw country’ field, and likely created with Suno or Udio.

The Devil Inside is a ‘band’ with approximately 700,000 Spotify monthly listeners.

Like Aventhis, they are Spotify ‘verified’ and their biggest track – Bones In The River – has 1.6 million streams to date.

The Devil Inside takes the ‘AI-as-f**k’ trophy here, because the group has an entirely fake persona… and fake faces.

According to their streaming platform biography, the band hails “from the rugged landscapes of the American South”.

Then the insidious bit: “The songs are based on real creative inspiration, but the characters are illustrative. The images are part of a carefully crafted visual world that complements the music’s dark, cinematic atmosphere, much like a graphic novel or a fictional film universe.”

In other words, the guys you see below – who have their own Instagram page and a range of merch available online – have never actually been born.

In the human sense, anyway.

Sundown, you better beware vs. Hustles Culture

Some hulabaloo has been caused in the past few days by a different, seemingly AI-generated band – The Velvet Sundown – gaining traction on streaming platforms.

Following some media pickup, The Velvet Sundown now has just over 550,000 Spotify monthly listeners.

They, too, have an AI-generated band ‘photo’ (see below).

And just like Aventhis and The Devil Inside, they are ‘verified’ on Spotify, with an official ‘THIS IS…’ playlist on the service.

At least some of the online outrage caused by The Velvet Sundown in recent days has been driven by their music being recommended in subscribers’ algorithmic playlists, like Discover Weekly.

In truth, this is nothing new.

Around six months before Spotify recommended me Aventhis’ music, I was directly pitched a suspiciously AI-looking artist by the platform for the first time.

Nick Hustles’ oeuvre combines classic soul sounds of the ’70s with (often pretty offensive) lyrical pastiches of modern street slang.

As we headed into the 2024 festive break, my algo-Spotify playlist added Hustles’ Christmas-themed I Caught Santa Clause [sic] Sniffing Cocaine.

Puerile lyrics and slight AI wobble in the vocals aside, the track was – ahem – heavily influenced by the lazy bass runs and falsetto vocals of Marvin Gaye’s  I Want You-era output.

Today, Nick Hustles’ most popular tracks include ‘I Feel Like Slapping A N**** Today’, ‘I LOST MY FUCKING VAPE AGAIN’, and ‘Be Yourself’.

Another Hustles track, ‘Why U N****s Gotta Hate,’ gets a special mention here because 50 Cent recently filmed himself singing along to it – and affectionately chuckling at its lyrics – before broadcasting it to his 35 million Instagram followers.

---

Nick Hustles currently has over 200,000 monthly listeners on Spotify.

Unlike the other AI artists mentioned here, with Hustles, there is a decent online footprint of who actually created him.

According to social profiles, Nick Hustles was unleashed into the world by Nick Arter, who describes himself as a “Songwriter | Lyricist | AI Storyteller | Music Futurist”.

---

---

Apparently based in Pennsylvania, Arter is the founder of social channel AI For The Culture, which has over 100,000 followers on Instagram.

Said Instagram page features an array of fictional AI artists of Arter’s creation, usually presented as having recorded ‘deep cuts’ from long-lost 60s/70s/80s soul and funk records.

“Songwriter | Lyricist | AI Storyteller | Music Futurist.”

Nick Arter’s biog on Instagram

This article has yet to discuss how the popularity of AI artists on streaming services – and the rapidity with which ‘they’ can release new tunes – could potentially divert royalties away from real human performers.

Suffice to say that, since Nick Hustles’ music started appearing on Spotify last year, he (aka: Nick Arter) has released over 50 ‘singles’ on the platform.

Tellingly, one of Arter’s Instagram tracks, attributed to the completely made-up artist Terry “Goldmind” Watkins, is called I Make More Money Than My Teachers.

---

---

The bigger picture

Now that we’ve started exploring this rabbit hole, it’s not very hard to find much more AI-made music on Spotify, Amazon Music, and YouTube Music.

For example, judging by the telltale factors (algorithmic relation to other AI acts, suspicious artwork, the AI vocal ‘wobble’, etc.), I suspect the following artists have all been created with Suno/Udio/alternatives.

I discovered many of them when they were linked to other AI artists in Spotify’s ‘Fans Also Like…’ section.

As you can see, they’re all doing nicely.

---

---

So.

In this article alone, based on a few days of rudimentary research, I’ve named 13 different AI-made ‘artists’ currently active on Spotify, with approximately 4.1 million cumulative monthly listeners between them.

• Obvious question 1: Is this scratching the surface? How much ‘AI slop’ is now running free on music streaming platforms like Spotify – and how much ‘stream-share’ in terms of royalties are being absorbed by the creators of these fake acts?
• Obvious question 2: Is there any hope that music streaming services and DIY distributors will/can clean up this music? Would doing so, behind closed doors at the DSPs, actually clash with a tech utopian ideology?
• Obvious question 3: Where is all this going?

I can take a crack at answering Q3, there. It’s not a happy place.

Under Aventhis’ ‘Fans Also Like…’ section on Spotify (see below), you’ll find the equally AI-born Devil Inside, Aven, and DV8.

You’ll also find very non-AI artists, including Bryan Elijah Smith, whose The Line is one of my favourite songs from the past year (by an actual homo-sapian).

---

---

And here’s the thing. You see Sons Of Legion, above?

They’re a real and popular human duo based in Nashville – who’ve signed to Concord.

But earlier, especially considering the Spotify-recommending-AI situation, I couldn’t be sure.

To check, I deployed music’s acid test for humanness: I searched for any upcoming tour dates – to no avail.

Then I scanned their socials, and found, just a few days ago, they both spoke to camera – explaining that although they might do “pop up” shows in 2025, they won’t look to do a proper tour until 2026.

‘How convenient,’ I found myself thinking. ‘So you don’t need to prove to anyone you’re actual human beings. Am I looking at a couple of AI-generated deepfakes here?’

I wasn’t. I wish Sons Of Legion a long and successful career ahead.

Yet this experience reminds us how skeptical music fans might become over authenticity, should fictional AI slop continue to be splattered throughout their streaming services.

The ultimate test of whether fans like – or trust – tomorrow’s artists may require actually seeing them perform… up close, and away from a screen.

When you think about it, perhaps it was ever thus.Music Business Worldwide

Unlock the White House Watch newsletter for free

Your guide to what Trump’s second term means for Washington, business and the world

Donald Trump’s top trade officials are scaling back their ambitions for comprehensive reciprocal deals with foreign countries, seeking narrower agreements to avert the looming reimposition of US tariffs.

Four people familiar with the talks said US officials were seeking phased deals with the most engaged countries as they race to find agreements by July 9, when Trump has vowed to reimpose his harshest levies.

The narrower, piecemeal plan for new deals marks a retreat from the White House’s vow to strike 90 trade deals during the 90-day pause in the sweeping “reciprocal” tariffs the president announced on April 2.

But it also offers some countries a chance to strike modest agreements. The administration would seek “agreements in principle” on a small number of trade disputes ahead of the deadline, the people said.

Countries that agree these narrower deals would be spared the harsher reciprocal tariffs, but left with an existing 10 per cent levy while talks on thornier issues continue, the people said.

However, talks remain complex, and alongside its narrower approach to deals, the administration was also still considering imposing tariffs on critical sectors, people familiar with the matter said.

The twin track, involving the threat of new tariffs alongside openness to deals, underscores the difficulty facing negotiators with Trump, who has used trade as a cudgel to secure concessions from other countries.

Last week the president announced he would end trade talks with Canada, prompting Ottawa to immediately rescind a digital services tax that Washington objected to.

Trump triggered a global stock market rout in early April after imposing steep tariffs on the US’s largest trading partners, following weeks of a chaotic trade policy rollout marked by reversals and U-turns.

Although he has since walked back some of the most punitive levies, so far the US has only reached a trade pact with the UK and signed a tentative truce with China.

Foreign negotiators are now trying to understand what will come next.

The US commerce department had already launched national security probes — Section 232 investigations — into goods including copper, lumber, aerospace parts, pharmaceuticals, chips and critical minerals.

Several countries in serious trade talks with the US have sought relief from existing sectoral tariffs of 25 per cent on cars and their parts and 50 per cent on steel and aluminium.

The US’s trade deal with the UK provides a limited lower-tariff quota for British cars and pledges to negotiate other carve-outs for pharmaceuticals. The UK also won lower levies on steel and aerospace parts.

People familiar with the talks said the poor visibility of possible new sectoral tariffs the US might impose at a later date were hindering discussions.

On Monday, Treasury secretary Scott Bessent suggested the US was focused primarily on the reciprocal tariffs, and would leave sectoral levies until later.

“The Section 232s take longer to implement, so we’ll see what happens with those,” he said in an interview with Bloomberg TV.

It is also unclear how Trump will set any new tariff rates on countries that do not agree a new deal before the July 9 deadline.

On Monday, White House press secretary Karoline Leavitt said Trump was meeting with his trade team to set tariff rates for “many of these countries if they don’t come to the table in good faith”.

The president later suggested on his Truth Social account that Japan would be sent a new tariff rate, despite weeks of trade negotiations between them.

“To show people how spoiled Countries have become with respect to the United States of America, and I have great respect for Japan, they won’t take our RICE, and yet they have a massive rice shortage,” Trump wrote.

“In other words, we’ll just be sending them a letter, and we love having them as a Trading Partner for many years to come.”

Some people familiar with the talks said there was also uncertainty about whether Trump would stick to his schedule about ending his 90-day pause.

Bessent also told Bloomberg TV that any potential extensions to the July 9 deadline would be up to the president, but that he expected to see “a flurry” of deals ahead of the deadline. 

But last week the Treasury secretary told Fox News that the US was negotiating with 18 trading partners and agreements could be done during the summer.

In May, two court rulings declared Trump’s use of emergency powers to impose reciprocal tariffs unlawful. The administration has appealed, but the rulings had also injected uncertainty into talks, people familiar with the negotiations said.

The White House declined to comment.

According to the first major indictment from the District of Massachusetts, a crew of North Korean IT workers allegedly partnered with co-conspirators in New York, New Jersey, California, and overseas to steal the identities of more than 80 U.S. people, get remote jobs at more than 100 companies—many in the Fortune 500—and steal at least $5 million. According to the second indictment, a four-person team of North Korean IT workers allegedly traveled to the United Arab Emirates where they used stolen identities to pose as remote IT workers, get jobs at American companies for themselves and unnamed co-conspirators, and then systematically steal digital currency to fund North Korea’s nuclear-weapons programs, authorities claimed in the five-count federal charging document. 

The indictments lay out in detail the way the IT worker scheme has leveled up from merely relying on fake and fabricated identities, to a complex web of American-led front companies. The front companies are founded by paid accomplices and make it appear as though the IT workers are affiliated with legitimate U.S. businesses. The front runners conceal the North Korean IT workers behind stolen American identities, and offer them U.S. addresses to take shipment of laptops sent out by companies for remote software jobs. The stolen revenue generated in the fraud scheme is allegedly transferred to North Korean leadership to help fund the authoritarian regime’s weapons of mass destruction and ballistic-missile programs. 

“North Korea remains intent on funding its weapons programs by defrauding U.S. companies and exploiting American victims of identity theft, but the FBI is equally intent on disrupting this massive campaign and bringing its perpetrators to justice,” Assistant Director Roman Rozhavsky of the FBI Counterintelligence Division said in a statement. “North Korean IT workers posing as U.S. citizens fraudulently obtained employment with American businesses so they could funnel hundreds of millions of dollars to North Korea’s authoritarian regime. The FBI will do everything in our power to defend the homeland and protect Americans from being victimized by the North Korean government, and we ask all U.S. companies that employ remote workers to remain vigilant to this sophisticated threat.”

The authoritarian leadership of the Democratic People’s Republic of Korea (DPRK) has deployed thousands of trained IT workers around the world to trick companies into hiring them for remote IT jobs, authorities said Monday. Once hired, the IT workers are tasked with making money and gathering intelligence to aid in cyber heists. Known colloquially as the “North Korean IT worker scheme,” hundreds of Fortune 500 and smaller tech companies have been battling back a tsunami of fake would-be job seekers who are actually trained North Korean IT workers. The UN has estimated the scheme generates between $200 million to $600 million per year, not including the amount of crypto allegedly stolen in heists using intelligence gathered by the North Korean IT workers, which is in the billions. 

According to the indictment, New Jersey man Zhenxing “Danny” Wang founded a software development company called Independent Lab as a front company in the scheme. Through Independent Lab, companies shipped laptops to Wang addressed to what the companies thought were hired IT workers, but in reality were people who had their identities stolen. Wang allegedly hosted the laptops at his home, known as a “laptop farm,” and installed remote-access software so the North Korean workers could access them from overseas locations. Wang also took in money paid as compensation from the U.S. companies and allegedly transferred it to accounts controlled by the overseas conspirators. 

The indictment states multiple defendants and accomplices acted using front companies, including other unnamed conspirators in New York and California, plus an active-duty member of the U.S. military. The accomplices allegedly hosted laptop farms in their homes in exchange for hundreds of thousands of dollars in fees, authorities claimed. The fronts allegedly defrauded at least four major companies, causing each one at least $100,000 in damages and lost wages. One accomplice alleged to be Kejia Wang, allegedly knew the workers were acting on behalf of North Korea. 

In addition to Danny Wang, the government charged eight other defendants and claimed the fraud included a California-based defense contractor, from which an overseas actor allegedly stole sensitive documents related to U.S. military technology. Other companies impacted in the fraud scheme are located in California, Massachusetts, New York, New Jersey, Florida, New Mexico, Georgia, Maryland, North Carolina, Illinois, Ohio, South Carolina, Michigan, Texas, Indiana, Arkansas, Missouri, Tennessee, Minnesota, Rhode Island, Wisconsin, Oregon, Pennsylvania, Washington, Utah, Colorado, and the District of Columbia. 

Michael “Barni” Barnhart, principal risk investigator at security firm DTEX, said the arrests announced this week serve as a reminder that the threats from DPRK IT workers extend beyond just generating revenue. 

“Once inside, they can conduct malicious activity from within trusted networks, posing serious risks to national security and companies worldwide,” Barnhart told Fortune in a statement. “DPRK actors are increasingly utilizing front companies and trusted third parties to slip past traditional hiring safeguards, including observed instances of those in sensitive sectors like government and the defense industrial base.” 

Barnhart suggests the arrests underscore the notion that companies have to look beyond the typical applicant portals and reassess their entire talent pipelines given the way the DPRK IT worker threat has adapted. 

“These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs,” Assistant Attorney General for the Department’s National Security Division John A. Eisenberg said in a statement. “The Justice Department, along with our law enforcement, private sector, and international partners, will persistently pursue and dismantle these cyber-enabled revenue generation networks.”

The second indictment outlines how the four-man delegation used a mix of stolen identities and aliases to get two North Korean IT workers developer jobs at an Atlanta, Georgia research and development tech firm, and at a separate virtual token company. 

Together, the duo stole crypto valued at nearly $1 million, the U.S. Attorney’s Office for the Northern District of Georgia alleged in an indictment handed down last week. The two IT workers then brought in others to help them allegedly launder the currency so they could disguise its origins before sending the money home to North Korean leadership.

‘It’s not me!!!’

As alleged in the second indictment, the scheme in this case began in October 2019 when four trained North Korean IT workers traveled to the United Arab Emirates using North Korean documents and set themselves up as a team. The crew methodically leveraged stolen identities blended with their own photos to pass muster as legitimate employees and gain access to sensitive information at the companies. The goal, according to the indictment, was to earn enough trust to get access to the virtual currencies the companies controlled so they could transfer them to the DPRK government, led by authoritarian dictator Kim Jong Un. 

Once up and running, in December 2020 defendant Kim Kwang Jim allegedly gave an unnamed company a fake Portuguese ID that included a photo of Kim with the victim’s actual birthdate and government identification number. Kim allegedly used the stolen identity as an alias to get work developing source code at an unnamed U.S. company based in Atlanta. The indictment only names the stolen ID victim as “P.S.” and does not name any company that allegedly hired a North Korean IT worker.

In March 2022, Kim allegedly modified the source code at the company where he had been hired. His changes altered the code for two smart contracts the company owned and controlled that lived on the Ethereum and Polygon blockchains. Kim triggered rule changes dictating when currency could be withdrawn from the company-controlled funding pools.

Then on March 29 and March 30, 2022, Kim allegedly took 4 million Elixir tokens, 229,051 Matic tokens, and 110,846 Start. All told, the virtual currencies were worth about $740,000 at the time of the theft, according to the indictment. Kim allegedly transferred the currency to another currency address he controlled. 

Authorities say Kim offered up a dog-ate-my-homework rationale to the founder to try to explain the currency transfer: “hi bro, really sorry – these weird txs started happening after i refactored my github.”

On March 30, the company founder sent a message on Telegram to Kim accusing him of stealing the virtual currency from the company’s funding pools. Kim, using the Telegram account set up with the P.S. stolen identity, wrote back, “How many times do I need to tell you??? I didn’t do it!!! It’s not me!!!”

‘Bryan Cho’

Another alleged incident outlined in the indictment began in May 2021. Authorities say defendant Jong Pong Ju allegedly used the alias “Bryan Cho” to get a job at another unnamed company to provide IT services. 

After he was hired, Jong allegedly gained access to the company’s virtual currency. Later that year, in October 2021, Jong allegedly used a Telegram account he had created using the “Bryan Cho” alias to recommend to the company founder that “Peter Xiao” would make a great developer. Authorities alleged Peter Xiao was actually another defendant, Chang Nam Il. The founder took Jong’s recommendation and hired “Peter Xiao” to work on front-end development. Chang, working as Peter Xiao, allegedly worked at the company from October 2021 until January 2022. 

In January 2022, the company founder asked for a video to verify the identity of “Bryan Cho”—who was actually Jong, authorities allege—before giving Jong additional access to the company’s crypto assets. On January 25, 2022, Jong allegedly used a Malaysian driver’s license with the Bryan Cho alias to send a video to the founder over Telegram. The founder then allegedly gave Jong additional access. 

The following month, Jong took that access and allegedly stole virtual currency tokens valued at approximately 60 Ether (worth $175,680 at the time) by transferring it to another virtual currency address that Jong controlled. Jong then used the Bryan Cho Telegram account to message the company founder, “I think I accidently (sic) dropped the private key into the .env sample file.” 

The founder then asked where the “.env file” was uploaded, and Jong—as Bryan Cho—told him, “Github.”

“The defendants used fake and stolen personal identities to conceal their North Korean nationality, pose as remote IT workers, and exploit their victims’ trust to steal hundreds of thousands of dollars,” U.S. Attorney Theodore S. Hertzberg said in a statement. “This indictment highlights the unique threat North Korea poses to companies that hire remote IT workers and underscores our resolve to prosecute any actor, in the United States or abroad, who steals from Georgia businesses.”

That wasn’t the end of it. From there, the North Korean IT workers allegedly needed to launder the stolen funds. 

Chang, Jong, Kim, and a fourth defendant Kang Tae Bok allegedly used additional aliases and a virtual currency mixer known as “Tornado Cash” to launder the stolen assets. Tornado Cash is a crypto mixer that essentially blurs the trail of crypto transactions.

Authorities allege Kang used the alias “Wong Shao Onn” to open an account at an unnamed virtual currency exchange using a doctored Malaysian ID with his own photo. Similarly, Chang used a faked Malaysian ID to open an account using the alias “Bong Chee Shen.”

Jong, after he allegedly stole the 60 Ether, sent the currency to Tornado Cash for mixing, the indictment states. Kim allegedly sent his stolen tokens to Tornado Cash also. The mixed funds were then withdrawn into accounts controlled by Kang and Chang, using the Wong and Bong aliases. 

Tornado Cash did not respond to a request for comment. Attempts to reach Wang were unsuccessful.