- The FBI warned crypto operators that entities associated with North Korean hackers may attempt to sell Bitcoin worth more than $40 million.
- The intelligence and security service stated that entities associated with the Democratic People’s Republic of Korea (DPRK) have been tracking and stealing crypto using tactics known as “TraderTraitor.”
- The Lazarus Group in North Korea has consistently targeted the blockchain sector and used spearphishing methods and malware to steal cryptocurrency.
The United States Federal Bureau of Investigation (FBI) has released a report on the potential sale of Bitcoin associated with North Korean hackers.
FBI Issues Warning Report
The Federal Bureau of Investigation (FBI) has warned crypto operators that entities associated with North Korean hackers may attempt to sell Bitcoin worth more than $40 million.
In a statement today, the intelligence and security service said that entities associated with the Democratic People’s Republic of Korea (DPRK) (Lazarus Group and APT38) have been tracking and stealing crypto using tactics known as “TraderTraitor.”
The agency stated, “The FBI believes that the DPRK may attempt to convert over $40 million worth of Bitcoin into cash.” It included a list of Bitcoin addresses where the funds are currently held and noted that recent movements have occurred from these addresses, stating:
“Private sector organizations should review blockchain data associated with these addresses and exercise caution regarding transactions made directly with or derived from these addresses.”
The Lazarus Group in North Korea has consistently targeted the blockchain sector and used spearphishing methods and malware to steal cryptocurrency. These attacks often begin with numerous spearphishing emails targeting IT personnel and attempting to lure recipients into downloading applications infected with malware. The U.S. government refers to these malicious applications as TraderTraitor.
TraderTraitor Toolset
The Lazarus Group, known for using the TraderTraitor toolset, has successfully infiltrated crypto companies and exchanges. Its attacks often begin with phishing emails that aim to convince personnel to unknowingly download a malware-infected file. This method has resulted in notable successes for the Lazarus Group, leaving an indelible mark on the cybercrime landscape.
As concerns grow over the astronomical value of crypto assets held by this DPRK-associated group, the FBI’s focus on these cyber activities highlights the ongoing battle against digital theft and the clandestine financial foundations of rogue regimes.
History of the Attack
The DPRK actors associated with TraderTraitor, monitored by the FBI, are responsible for high-profile heists targeting Alphapo, CoinsPaid, and Atomic Wallet.
Last year, the same group carried out attacks on Harmony’s Horizon Bridge and Sky Mavis’ Ronin Bridge, with the latter resulting in approximately $540 million in losses.