FBI Detects North Korean Hackers' Bitcoin Stash Worth $40 Million

The Federal Bureau of Investigation (FBI) has flagged six Bitcoin wallets tied to Lazarus, a hacking group associated with North Korea. These wallets collectively hold a substantial 1,580 BTC, equivalent to approximately $40 million. The accumulation of this sum is suspected to have occurred through a series of cryptocurrency breaches that took place last year.

On the 22nd of August, the FBI issued a cautionary statement directed at cryptocurrency enterprises. 

The agency alerted them to ongoing blockchain activities linked to the theft of significant amounts, reaching hundreds of millions of dollars. This sizable theft is attributed to hackers affiliated with the Democratic People's Republic of Korea (DPRK).


According to the released report, the FBI closely monitored the movement of cryptocurrency over the past 24 hours. This movement was associated with individuals tied to the DPRK, specifically the group known as TraderTraitor, also recognized as Lazarus Group and APT38.


Rising Threat of North Korean Cyber-Attacks on Cryptocurrency

Over the years, the North Korean hacking group has actively pursued a range of cryptocurrency-related exploits, resulting in the theft of crypto assets valued at billions of dollars. Additionally, concerns are mounting about the increasing sophistication of cyberattacks on cryptocurrency and technology companies, believed to be orchestrated with the support of North Korea.


Former CIA analyst Soo Kim highlights that generating income for the North Korean regime through international cryptocurrency channels has become a recurring strategy. In a CNN interview from last year, Kim predicted that the methods for carrying out cryptocurrency-related attacks would evolve. North Korea has faced accusations of being behind some of the most significant cyberattacks in recent cryptocurrency history, including the $620 million breach of Axie Infinity and the $100 million breach of the Harmony protocol.


The TraderTraitor Connection

Through meticulous investigation, the FBI revealed that individuals connected to the TraderTraitor faction moved around 1,580 bitcoins. These bitcoins were acquired from various cryptocurrency heists. The report suggests that the DPRK might attempt to convert the stolen bitcoins, amounting to more than $40 million, into cash.


Currently, these funds are held within six distinct bitcoin addresses:

• 3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG
• 39idqitN9tYNmq3wYanwg3MitFB5TZCjWu
• 3AAUBbKJorvNhEUFhKnep9YTwmZECxE4Nk
• 3PjNaSeP8GzLjGeu51JR19Q2Lu8W2Te9oc
• 3NbdrezMzAVVfXv5MTQJn4hWqKhYCTCJoB
• 34VXKa5upLWVYMXmgid6bFM4BaQXHxSUoL


The released statement confirms that agents connected to the DPRK's TraderTraitor have been responsible for several major international cryptocurrency thefts. Notable instances include the appropriation of $60 million worth of virtual currency from Alphapo on June 22, 2023, the seizure of $37 million worth of virtual currency from CoinsPaid on the same day, and the embezzlement of $100 million worth of virtual currency from Atomic Wallet on June 2, 2023. Additionally, the report references the group's attack on Harmony's Horizon Bridge and Sky Mavis' Ethereum-linked sidechain, Ronin Bridge.


Furthermore, the FBI issued a Cybersecurity Advisory regarding TraderTraitor, urging entities in the private sector to thoroughly analyze blockchain data tied to the aforementioned addresses. The report emphasizes the FBI's commitment to exposing and countering the DPRK's involvement in illicit activities, encompassing cybercrimes and virtual currency theft, activities that generate revenue for the regime.


The report encourages individuals with relevant information to reach out to their local FBI field office or the FBI's Internet Crime Complaint Center at ic3.gov.

