FBI Warns of Cryptocurrency Heists by North Korea's Lazarus Group
The most recent stolen bitcoin comes just after three major operations occurred in June, with millions stolen in each heist.
The FBI has tracked hundreds of millions of dollars in cryptocurrency stolen by the Democratic People's Republic of Korea (DPRK) TraderTraitor-affiliated actors, more commonly referred to as Lazarus Group or APT38, and is now warning cryptocurrency companies of this malicious blockchain activity.
In an investigation, the FBI found that these threat actors moved 1,580 bitcoins from multiple cryptocurrency heists and are holding the funds in six different bitcoin addresses. The group may attempt to cash out the stolen cryptocurrency, amounting to more than $40 million.
This cybercrime group was also responsible for multiple high-profile heists in June spanning multiple countries, including $60 million of the virtual currency from Alphapo, $37 million from CoinsPaid, and $100 million from Atomic Wallet.
The federal agency recommends that private sector entities examine these bitcoin addresses as well as any blockchain data associated with them. These entities should also be hyperaware of guarding against transactions from these particular addresses:
3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG
39idqitN9tYNmq3wYanwg3MitFB5TZCjWu
3AAUBbKJorvNhEUFhKnep9YTwmZECxE4Nk
3PjNaSeP8GzLjGeu51JR19Q2Lu8W2Te9oc
3NbdrezMzAVVfXv5MTQJn4hWqKhYCTCJoB
34VXKa5upLWVYMXmgid6bFM4BaQXHxSUoL
"The FBI will continue to expose and combat the DPRK's use of illicit activities — including cybercrime and virtual currency theft — to generate revenue for the regime," the agency said in a statement. "If you have any information to provide, please contact your local FBI field office or the FBI's Internet Crime Complaint Center at ic3.gov."
About the Author
You May Also Like
Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024