North Korean Hackers Target Crypto: FBI Traces $40M Bitcoin Haul

North Korean flag with the faceless hacker in background with hoodie

The U.S. government has indicated its belief that hackers affiliated with North Korea are on the verge of converting millions of dollars that were stolen through a series of significant cryptocurrency breaches. The FBI issued a warning to cryptocurrency companies on Tuesday regarding recent blockchain activities connected to the theft of substantial cryptocurrency sums by malicious actors linked to the North Korea-backed Lazarus Group, also recognized as APT38 and "TraderTraitor."

Within the past 24 hours, the FBI has traced approximately 1,580 Bitcoins, amounting to over $40 million, currently held by North Korean hackers in six separate cryptocurrency wallets. These funds are said to have been taken during several instances of cryptocurrency theft, including the Atomic Wallet breach in June. This particular attack compromised around 5,500 customer wallets, leading to the theft of over $100 million. 

The laundering process associated with this incident is consistent with the methods employed by the Lazarus Group, as previously analyzed by blockchain analysis firm Elliptic.

Furthermore, the FBI has established a link between the Lazarus Group hackers and the theft of $60 million from centralized crypto payment provider AlphaPo, as well as $37 million from cryptocurrency wallet provider CoinsPaid.

The latter breach resulted in CoinsPaid suspending operations for four days, as hackers employed tactics involving LinkedIn to entice employees into downloading malware-laden JumpCloud software. This technique, in line with North Korean strategies, ultimately compromised the security of the wallet provider.

The FBI advisory also warned that the North Korean hackers are preparing to convert the stolen $40 million in the near future. In light of this, cryptocurrency organizations are advised to closely examine recent blockchain data related to the six Bitcoin addresses shared by the FBI, while also being vigilant in monitoring transactions involving or emanating from these addresses.

The Lazarus Group's history includes a track record of involvement in numerous crypto exchange hacks, such as the theft of $100 million from Harmony's Horizon Bridge and the appropriation of $625 million in cryptocurrency from the Ethereum-based Ronin Network, associated with the popular Axie Infinity game.

Blockchain intelligence company TRM Labs reported that North Korean hackers have managed to pilfer nearly $2 billion in cryptocurrency through more than 30 attacks since 2018, with close to $1 billion stolen just in 2022. The Lazarus Group's portion of stolen assets in 2023 has reached around $200 million, accounting for over 20% of all stolen crypto during this period. 

As part of their measures to counter these threat groups, the U.S. government has introduced a $10 million reward for information that aids in identifying members of state-sponsored North Korean hacking groups, including the notorious Lazarus Group.

Previous Next

This information is for educational purposes only and does not constitute investment advice. No person should rely on it to make any investment. Investing carries risks, including the loss of capital. All opinions expressed are subject to change without notice. Past performance is not indicative of future results. Always seek the advice of a licensed investment professional before making any investment.