Federal prosecutors say a man in Kyiv ran a U.S.-registered site that sold stolen American identities to overseas IT workers, enabling fraud that reached dozens of American companies and funneled money to a hostile regime.
Oleksandr Didenko, 29, of Kyiv, Ukraine, was sentenced in U.S. District Court to 60 months in prison for a years-long scheme that stole the identities of U.S. citizens and sold them to North Korean workers so they could fraudulently gain employment at 40 U.S. companies, announced U.S. Attorney Jeanine Ferris Pirro.
Didenko, who also used the name Alexander Didenko, pleaded guilty on Nov. 10, 2025, to wire fraud conspiracy and aggravated identity theft and agreed to forfeit more than $1.4 million. That forfeiture includes approximately $181,438 in USD and cryptocurrency seized from him and his co-conspirators. Judge Randolph D. Moss ordered 12 months of supervised release and required Didenko to pay $46,547.28 in restitution.
“Defendant Didenko’s scheme funneled money from Americans and U.S. businesses, into the coffers of North Korea, a hostile regime. Today, North Korea is not only a threat to the homeland from afar, it is an enemy within. By using stolen and fraudulent identities, North Korean actors are infiltrating American companies, stealing information, licensing, and data that is harmful to any business. But more than that, money paid to these so-called employees goes directly to munitions programs in North Korea,” said U.S. Attorney Pirro. “We should be holding accountable to the fullest extent of the law the individuals, like Didenko, who are knowingly assisting North Koreans so that they can amass more weapons to harm the United States and peace in our world. This is not just a financial crime; it is a crime against national security.”
Court documents say Didenko operated a website using a U.S.-based domain called Upworksell.com, which marketed stolen U.S. identities to foreign IT contractors. Beginning in 2021, those identities were used to create profiles and win contracts on online freelance platforms based in California and Pennsylvania. The platforms let users sign up as contractors, advertise skills and bid on work, and the stolen identities masked the true origins of the laborers.
“Oleksandr Didenko’s fraudulent activity inflicted systemic and deliberate financial harm on U.S. companies and American citizens to benefit not only himself, but a hostile nation state,” said Assistant Director Roman Rozhavsky of the FBI’s Counterintelligence and Espionage Division. “The FBI will not tolerate North Korea’s sustained campaign to victimize American citizens, businesses, and financial institutions to fund its authoritarian regime. Today’s sentencing demonstrates that the FBI will pursue full accountability for anyone found complicit in our adversary’s efforts to defraud and undermine American economic security, and we ask all U.S. companies that employ remote workers to remain vigilant to this new and sophisticated threat.”
Didenko recruited U.S.-based helpers to receive and host computers at residences in Virginia, Tennessee and California, enabling remote access that appeared domestic. Prosecutors say he ran at least three U.S.-based “laptop farms” and managed as many as 871 proxy identities to give overseas clients the appearance of U.S. workers. He also routed employment income through Money Service Transmitters so foreign clients could access the U.S. financial system without opening domestic bank accounts.
The overseas IT workers were paid hundreds of thousands of dollars for contracts that were then falsely attributed to real U.S. citizens whose identities had been stolen. Much of that income was misreported to agencies such as the Department of Homeland Security, the IRS and the Social Security Administration in the names of victims. That false reporting created both financial harm for victims and exploitative access for hostile actors.
On May 16, 2024, the Justice Department seized the Upworksell.com domain and diverted its traffic to the FBI, pausing the site’s operations. Polish authorities arrested Didenko, and on Dec. 31, 2024, he was extradited to the United States to face charges. Prosecutors say the network of accounts, proxies and intermediaries stretched across multiple jurisdictions and required cooperation from several law enforcement agencies to dismantle.
“Oleksandr Didenko participated in a scheme that stole the identities of hundreds of people, to include United States citizens, which were used by North Korea to fraudulently secure lucrative IT jobs,” said Assistant Director in Charge James Barnacle of the FBI’s New York Field Office. “This massive operation not only created an unauthorized backdoor into our country’s job market, but helped fund the regime of an adversary. This case is an example of how the FBI continues to safeguard our critical infrastructure from foreign threat actors seeking to exploit our nation’s sensitive information.”
The investigation was led by the FBI’s New York Field Office with help from the Norfolk, San Diego and Knoxville field offices. The prosecution team included Assistant U.S. Attorneys Karen P. Seifert and Steven Wasserman for the District of Columbia, with assistance from multiple U.S. Attorney’s Offices, the Justice Department’s Office of International Affairs, and the National Security Division’s cyber section. Authorities say the case shows how foreign adversaries can weaponize identity theft to penetrate U.S. businesses and fund hostile activities.
