FBI Warns of Cryptocurrency Heists by North Korea's Lazarus Group

The most recent stolen bitcoin comes just after three major operations occurred in June, with millions stolen in each heist.

Dark Reading Staff, Dark Reading

August 23, 2023

1 Min Read
Image of the FBI seal
Source: Peter Probst via Alamy Stock Photo

The FBI has tracked hundreds of millions of dollars in cryptocurrency stolen by the Democratic People's Republic of Korea (DPRK) TraderTraitor-affiliated actors, more commonly referred to as Lazarus Group or APT38, and is now warning cryptocurrency companies of this malicious blockchain activity.

In an investigation, the FBI found that these threat actors moved 1,580 bitcoins from multiple cryptocurrency heists and are holding the funds in six different bitcoin addresses. The group may attempt to cash out the stolen cryptocurrency, amounting to more than $40 million.

This cybercrime group was also responsible for multiple high-profile heists in June spanning multiple countries, including $60 million of the virtual currency from Alphapo, $37 million from CoinsPaid, and $100 million from Atomic Wallet.

The federal agency recommends that private sector entities examine these bitcoin addresses as well as any blockchain data associated with them. These entities should also be hyperaware of guarding against transactions from these particular addresses: 

  1. 3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG

  2. 39idqitN9tYNmq3wYanwg3MitFB5TZCjWu

  3. 3AAUBbKJorvNhEUFhKnep9YTwmZECxE4Nk

  4. 3PjNaSeP8GzLjGeu51JR19Q2Lu8W2Te9oc

  5. 3NbdrezMzAVVfXv5MTQJn4hWqKhYCTCJoB

  6. 34VXKa5upLWVYMXmgid6bFM4BaQXHxSUoL

"The FBI will continue to expose and combat the DPRK's use of illicit activities — including cybercrime and virtual currency theft — to generate revenue for the regime," the agency said in a statement. "If you have any information to provide, please contact your local FBI field office or the FBI's Internet Crime Complaint Center at ic3.gov."

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights