FBI Monitors North Korea's Lazarus Group in Major Cryptocurrency Heist
The FBI is monitoring cryptocurrency theft by DPRK's TraderTraitor-affiliated actors, including Lazarus Group and APT38. The agency suspects the DPRK might liquidate over $40 million worth of bitcoin. The FBI advises companies to scrutinize blockchain data and remain cautious about transactions associated with these addresses.
The Federal Bureau of Investigation (FBI) has recently alerted cryptocurrency firms about blockchain activities linked to the theft of a significant amount of cryptocurrency. Within the past day, the FBI has monitored cryptocurrency pilfered by actors affiliated with the Democratic People's Republic of Korea (DPRK), commonly known as North Korea. These actors, known as the TraderTraitor group, are also recognized as the Lazarus Group and APT38. The agency suspects that North Korea might try to liquidate the bitcoin, which is valued at over $40 million.
Through its investigation, the FBI determined that the TraderTraitor-affiliated entities transferred around 1,580 bitcoin from multiple cryptocurrency thefts. They are presently holding these funds in specific bitcoin addresses, some of which include:
- 3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG
- 39idqitN9tYNmq3wYanwg3MitFB5TZCjWu
- 3AAUBbKJorvNhEUFhKnep9YTwmZECxE4Nk
These DPRK TraderTraitor-affiliated actors have been implicated in several notable international cryptocurrency thefts. This includes the theft of $60 million in virtual currency from Alphapo on June 22, 2023, a $37 million heist from CoinsPaid on the same date, and a staggering $100 million theft from Atomic Wallet on June 2, 2023. The FBI had previously shared details about their attacks on Harmony’s Horizon bridge and Sky Mavis’ Ronin Bridge and had issued a Cybersecurity Advisory on TraderTraitor.
The FBI advises private sector companies to scrutinize the blockchain data related to these addresses. They should remain cautious about transactions directly associated with, or originating from, these addresses. The FBI remains committed to unveiling and countering the DPRK's engagement in illicit activities, such as cybercrime and virtual currency theft, as means to generate revenue. For those with relevant information, the FBI encourages reaching out to their local FBI field office or visiting the FBI’s Internet Crime Complaint Center at "ic3.gov".
Recent Hack events related to DPRK
North Korea's Notorious Lazarus Group: The crypto community has been on high alert due to a series of incidents that have been linked to North Korea's notorious Lazarus Group. MistTrack, a leading crypto tracking platform, unveiled potential connections between the incidents involving CoinsPaid, AtomicWallet, and Alphapo on July 26, 2023. The Lazarus Group, also known as Hidden Cobra, is a cybercrime group believed to be based in North Korea. They have been implicated in several high-profile attacks, including the 2014 Sony Pictures hack, the 2016 Bangladesh Bank heist, and the 2017 WannaCry ransomware attack.
JumpCloud's System Breach: On July 20, 2023, JumpCloud, an American IT management company, confirmed a system breach by a North Korean government-backed hacking group. This marked a strategic shift in their operations, targeting companies that can provide access to multiple sources of digital currencies. The breach was attributed to "Labyrinth Chollima," a notorious squad of North Korean hackers with a history of targeting cryptocurrency entities.
Atomic Wallet Heist: North Korean cybercriminals were suspected in a cryptocurrency heist involving Atomic Wallet, where a substantial $35 million was stolen. This incident saw victims appealing directly to the thieves on Twitter, hoping for some semblance of mercy. The US administration has been aware of the potential national security implications of these cybercrimes, with nearly half of North Korea's missile program funding traced back to these activities.
Euler Finance DeFi Hack: The DeFi world witnessed a significant breach when Euler Finance became the victim of the biggest DeFi hack of 2023, with $197 million in funds stolen. Blockchain investigator Chainalysis identified that some of the stolen funds were transferred to an address linked to North Korea. This incident raised questions about the security of DeFi platforms, highlighting the need for stronger security measures.
Image source: Shutterstock
