The Federal Bureau of Investigation has published information on six cryptocurrency wallets operated by North Korean hackers and believed to be holding stolen funds.
The cryptocurrency addresses, the FBI says, hold roughly 1,580 Bitcoin that are likely related to the recent theft of cryptocurrency assets worth hundreds of millions of dollars.
“Over the last 24 hours, the FBI tracked cryptocurrency stolen by the Democratic People’s Republic of Korea (DPRK) TraderTraitor-affiliated actors (also known as Lazarus Group and APT38). The FBI believes the DPRK may attempt to cash out the bitcoin worth more than $40 million dollars,” the FBI says.
According to the agency, TraderTraitor-affiliated hackers stole $60 million and $37 million in cryptocurrency from Alphapo and CoinsPaid in July, and $100 million from Atomic Wallet in June.
Previously, the hackers stole crypto assets in attacks against Harmony’s Horizon bridge and Sky Mavis’ Ronin Bridge.
“Private sector entities should examine the blockchain data associated with these addresses and be vigilant in guarding against transactions directly with, or derived from, the addresses,” the FBI says.
In April 2023, the US government warned that the North Korea-linked Lazarus Group, which has been blamed for numerous high-profile cyberattacks, was targeting entities and exchanges in the blockchain and cryptocurrency industry to generate and launder funds.
Based on the shared indicators of compromise associated with this campaign, which the US government named TraderTraitor, GitHub linked North Korea to social engineering attacks targeting employees at technology firms in July.
North Korean hackers were also blamed for the July cyberattack on JumpCloud, for the 3CX hack, and for the AppleJeus operation.
Related: US, South Korea Detail North Korea’s Social Engineering Techniques
Related: US Sanctions North Korean University for Training Hackers
Related: North Korean Hackers Target Mac Users With New ‘RustBucket’ Malware