The U.S. Federal Bureau of Investigation (FBI) said it has uncovered plans by hackers to cash out over $40 million in stolen funds through six Bitcoin addresses.
In an advisory, the FBI warned crypto companies to be vigilant in guarding against transactions directly with, or derived from, the addresses. It identified the hackers as affiliated with the North Korea-backed Lazarus Group, also known as APT38 and “TraderTraitor.”
The FBI said that over the past 24 hours, it had tracked approximately 1,580 Bitcoin, worth more than $40 million, that the North Korean hackers are currently holding in six separate crypto wallets. It added that these funds were stolen during “several” cryptocurrency heists.
FBI’s warning
The Bureau in the advisory issued on Tuesday said:
- “The FBI is warning cryptocurrency companies of recent blockchain activity connected to the theft of hundreds of millions of dollars in cryptocurrency. Over the last 24 hours, the FBI tracked cryptocurrency stolen by the Democratic People’s Republic of Korea (DPRK) TraderTraitor-affiliated actors (also known as Lazarus Group and APT38). The FBI believes the DPRK may attempt to cash out the bitcoin worth more than 40 million dollars.
- “The DPRK TraderTraitor-affiliated actors were responsible for several high-profile international cryptocurrency heists including the $60 million theft of virtual currency from Alphapo on June 22, 2023; the $37 million theft of virtual currency from CoinsPaid on June 22, 2023; and the $100 million theft of virtual currency from Atomic Wallet on June 2, 2023.
- “The FBI previously provided information on their attacks against Harmony’s Horizon bridge and Sky Mavis’ Ronin Bridge and provided a Cybersecurity Advisory on TraderTraitor.”
It urged all private sector entities to examine the blockchain data associated with the hackers' addresses that it provided and to be vigilant in guarding against transactions directly with those addresses.
- “The FBI will continue to expose and combat the DPRK’s use of illicit activities—including cybercrime and virtual currency theft—to generate revenue for the regime,” it added.
According to a recent report from blockchain intelligence company TRM Labs, North Korean hackers have stolen almost $2 billion in cryptocurrency since 2018 across more than 30 attacks, including almost $1 billion in 2022 alone. Lazarus Group has stolen approximately $200 million in 2023 so far, according to the report, accounting for over 20% of all stolen crypto this year.