ATLANTA, GA — The founder of a Buckhead tech firm is bouncing back after North Korean operatives steal more than one million dollars’ worth of his crypto in a systematic scheme.

Marlon Williams is the head of Atlanta Blockchain Center and Starter Labs. His company is the one in a federal indictment in Georgia which details how the North Korean regime deployed a virtual army to scam businesses in a long-running remote information technology worker scam.

For a while, Williams’s wallet, name, and emotions took hard hits in the wake of a seven-figure loss.

The Justice Department says the North Koreans used stolen identities and fake information to land jobs with unsuspecting technology companies, gain their trust, get access to critical assets and programs, and then steal and launder cryptocurrency. They are also accused of stealing proprietary data from some victims, including military technology.

Williams met the man who identified himself as “Pembra Sherpa” in a public chat on Telegram in 2020, a chat which is typical in the blockchain and cryptocurrency world. Sherpa told the team online that he was a software developer with seven years’ experience, and that he was available if anyone needed him. Williams says it’s not uncommon in this area of tech to meet and work with people you’ve never met in person.

Later that year, Williams had Sherpa to start on a project. As he successfully completed more projects with increasing responsibility, Sherpa eventually became a full-time employee, and it was clear he knew his stuff.

“He was exceptional,” says Williams.

About a year later, in late 2021, there was a theft of $30,000 from a funding pool Williams says only he and Sherpa--by then the Chief Technology Officer--could access. Sherpa denied he was to blame, but Williams no longer trusted him. He privately made moves to hire Sherpa’s replacement and remove his entangled access to many of their accounts, but in early 2022, there was a series of more back-to-back thefts which wiped out several crypto accounts.

“Two and a half months later, he did the big hack,” says Williams, modifying the code in what are known as “smart contracts” to steal $740,000 from Atlanta Blockchain Center. “They still had access to four additional funding pools and hacked those. So it was an additional $140K and then another $90K. Overall, it was more than a million dollars.”

Seven figures’ worth of cryptocurrency tokens, gone in the blink of an eye.

“It was heart-wrenching,” says Williams. “I felt my heart dropped for a minute. I just couldn’t believe it.”

Sherpa stayed online long enough to vehemently deny involvement, telling Williams he had no reason to steal from him because Williams paid him so well. But soon, he and the subordinates he’d brought on wiped all traces of themselves from the sites. The virtual currency was sent to a “mixer” called Tornado Cash to launder the funds.

The tech founder turned over everything he had to the FBI.

At that time, Williams had more than 20 years in the industry, but this incident threw his emotions into turmoil and led him to question himself.

“They played the long game. They were very patient,” says Williams.

The man he knew as Pembra built something like an online friendship with him, sharing alleged details of his life--conversations about their families, what Sherpa and his girlfriend were up to, what his weekend plans in Dubai were.

“I’ve had a lot of different experiences and built a lot of different things, so there was like this moment of self-doubt,” he says.

Early this year, three years after the “big hack,” the FBI came to Williams’s Buckhead office to update him on their findings. He’d been victimized by a nefarious scheme on behalf of the North Korean regime--one which counted Fortune 500 companies among its victims, too. The Justice Department says the identities of more than 80 Americans were used in the scheme.

A federal indictment says Kim Kwang Jin of North Korea is the one who posed as Sherpa and gained Williams’s trust. Kim and three other men, Kang Tae Bok a/k/a “Wong Shao Orm,” Jong Pong Ju a/k/ a “Bryan Cho,” and Chang Nam Il a/k/ a Bong Chee Shen," a/k/ a “Peter Xiao, are accused by a grand jury of defrauding Atlanta Blockchain and a virtual token company in Serbia.

The news gave Williams some reassurance--but also gave him a gut punch.

“When it was revealed that this was actually a systematic program by a country--a terrorist country, at that--and I was a victim of that deception, it was a huge relief,” he says. But knowing that his crypto went to the repressive authoritarian regime was a stunner.

“That was also heart-wrenching because I’m like, ‘Four hundred grand in salary, plus over a million dollars collectively in the big hack plus the other small ones, all went to North Korea.’ Indirectly, I funded North Korea’s weapons or whatever crazy programs they have going there,” says Williams. “Like, my money is in there, somewhere. And that is, to me, one of the most shocking things that came from this.”

In the wake of the theft, he was left questioning himself and his judgment, while some crueler cynics speculated that he’d stolen the money himself.

The FBI prepared him for the reality that he may never get that money back. The feds also searched 29 “laptop farms” across 16 states. They seized 29 financial accounts laundering the stolen funds, seized 21 websites, made one arrest, and there was a second indictment brought in Massachusetts.

Williams is glad to know the breadth of this well-crafted deception--that he’s far from alone. At the same time, he’s revamped the way he does business and the way he hires. No one, he says, will have access to his intellectual property or financial assets if he has not met them personally or are not physically nearby. He says he doesn’t work with remote workers any more. It’s back to the basics, he says--paperwork and background checks included.

“Speaking of the personal relationship side, that has to be there,” Williams says.

He says it’s “refreshing” that all this scheme has been exposed, as he’s worked hard to rebuild his reputation from “huge damage” after the hack.

“It’s certainly restored my reputation in terms of security systems and so forth, and perception,” says Williams, “but this just seals the deal and gives us that full restoration.”