North Korean hackers could be about to sell more than $40 million worth of stolen Bitcoin, according to a statement by the Federal Bureau of Investigation (FBI).
Lazarus Group and APT38, two North Korea-based groups, were flagged by the FBI this week and are anticipated to sell $40m of their funds.
“The FBI investigation found the TraderTraitor-affiliated actors moved approximately 1,580 bitcoin from several cryptocurrency heists and are currently holding those funds in… bitcoin addresses,” the statement said.
The cyber criminal groups are said to be behind “several high-profile international cryptocurrency heists”.
These include almost $200m stolen in June this year from crypto payment provider Alphapo, payment gateway CoinsPaid, and Atomic Wallet.
They were also blamed for the attack on Harmony’s horizon bridge that saw $100m stolen last year. The Lazarus Group was said to be responsible for the $650m exploit on Axie Infinity’s Ronin bridge as well.
The FBI has now identified six wallets, containing 1,580 BTC (about $41m), whose holders could be about to sell.
“Private sector entities should examine the blockchain data associated with these addresses and be vigilant in guarding against transactions directly with, or derived from, the addresses,” the FBI’s statement warned.
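The FBI's advice amounts to two checks an exchange or payment processor can automate: is a counterparty one of the listed addresses, and is it downstream of one of them? The following added example (not part of the FBI statement or this article) shows the second check as a hop-limited breadth-first walk over a constructed, simplified ledger. The address strings and transactions are placeholders invented for the example; the real FBI-listed addresses are not reproduced here.

```python
from collections import deque

# Constructed, simplified ledger: (txid, from_addr, to_addr, btc).
# All addresses are placeholders, not the six wallets the FBI identified.
SAMPLE_TXS = [
    ("tx1", "FLAGGED_ADDR_1", "hop1_a", 500.0),
    ("tx2", "hop1_a", "hop2_b", 250.0),
    ("tx3", "hop2_b", "exchange_deposit", 100.0),
    ("tx4", "clean_customer", "exchange_deposit", 1.5),
    ("tx5", "FLAGGED_ADDR_2", "hop1_c", 300.0),
]

# Placeholder stand-ins for the addresses named in the FBI statement.
FLAGGED = {"FLAGGED_ADDR_1", "FLAGGED_ADDR_2"}


def build_graph(txs):
    """Map each sender address to the list of (txid, recipient, amount) it paid out."""
    graph = {}
    for txid, src, dst, amount in txs:
        graph.setdefault(src, []).append((txid, dst, amount))
    return graph


def tainted_addresses(txs, flagged, max_hops=3):
    """Walk outward from the flagged addresses along spending edges.

    Returns {address: hops_from_nearest_flagged_address}; flagged
    addresses themselves are at hop 0. Walking stops at max_hops so the
    screen does not taint the whole network through a busy hub.
    """
    graph = build_graph(txs)
    dist = {addr: 0 for addr in flagged}
    queue = deque(flagged)
    while queue:
        addr = queue.popleft()
        if dist[addr] >= max_hops:
            continue
        for _txid, dst, _amount in graph.get(addr, []):
            if dst not in dist:          # first visit is the shortest path
                dist[dst] = dist[addr] + 1
                queue.append(dst)
    return dist


def screen_deposit(txid, txs, flagged, max_hops=3):
    """Classify one incoming transaction for review.

    'direct'  - sender is itself a flagged address
    'derived' - sender received funds that trace back to a flagged address
    'clear'   - no path from a flagged address within max_hops
    Returns (risk, hops) so the reviewer can see how far removed the funds are.
    """
    taint = tainted_addresses(txs, flagged, max_hops)
    _txid, src, _dst, _amount = next(t for t in txs if t[0] == txid)
    if src in flagged:
        return ("direct", 0)
    if src in taint:
        return ("derived", taint[src])
    return ("clear", None)


if __name__ == "__main__":
    for txid in ("tx1", "tx3", "tx4"):
        print(txid, screen_deposit(txid, SAMPLE_TXS, FLAGGED))
```

The walk is address-level and ignores amounts, so it answers "is there any spending path" rather than "what fraction of this deposit is tainted"; production tracing works at the UTXO level and applies proportional or last-in-first-out taint rules, and the hop limit is a policy choice that trades missed derived flows against false positives from mixers and exchange hot wallets.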
Who are North Korea’s Lazarus Group?
With ties to the North Korean government, the Lazarus Group has stolen nearly $2 billion worth of crypto since 2018, according to a TRM report. It found that almost $1bn of this was stolen last year.
As well as crypto theft, the group has previously been linked to more traditional cyber attacks.
In November 2014, the Lazarus Group was said to be behind the cyber attacks on Sony Pictures Entertainment. This was in response to the movie The Interview, a comedy about the assassination of North Korea’s leader Kim Jong-un.
“The conspirators gained access to SPE’s network by sending malware to SPE employees, and then stole confidential data, threatened SPE executives and employees, and damaged thousands of computers,” the FBI said.
Before moving into crypto, the group attacked more traditional financial institutions. In 2016, the Lazarus Group attempted to steal $1bn from Bangladesh’s national bank. But they only managed to take $81m.
Lazarus Group’s crypto hacks
The FBI is now focusing its investigations on cybercrime and crypto theft. It said: “The FBI will continue to expose and combat the DPRK’s use of illicit activities—including cybercrime and virtual currency theft—to generate revenue for the regime.”
One of Lazarus Group’s most notable attacks was on Harmony’s layer-1 blockchain, where $100 million was stolen from the Horizon Bridge in 2022. The FBI announced earlier this year that the North Korean hackers were behind it.
Funds in 11 different altcoins were stolen by the group and swapped into Ethereum. The Railgun privacy protocol was then used to obscure the movement of the stolen crypto.
One of its larger attacks was the Ronin Bridge exploit. Parent company Sky Mavis noted that the hackers gained access to the validator nodes and approved the $650m transaction.
Crypto funding North Korean weapons
Crypto stolen by hackers like the Lazarus Group is funding roughly half of North Korea’s missile programme, according to the White House.
The FBI has previously said that stolen digital assets are being used to finance ballistic missiles and weapons of destruction.
Meanwhile, the US Department of Justice has accused ex-Ethereum developer Virgil Griffith of helping the North Korean government with these attacks.
US Agencies are now working to identify the attackers and trace the stolen cryptocurrencies.