CONFERENCE NOW LIVE: Threat Detection & Incident Response (TDIR) Summit - Join the Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

FBI Finds 1,580 Bitcoin in Crypto Wallets Linked to North Korean Hackers 

The FBI has published information on six crypto wallets in which North Korean hackers moved roughly 1,580 Bitcoin from various heists.

The Federal Bureau of Investigation has published information on six cryptocurrency wallets operated by North Korean hackers and believed to be holding stolen funds.

The cryptocurrency addresses, the FBI says, hold roughly 1,580 Bitcoin that are likely related to the recent theft of cryptocurrency assets worth hundreds of millions of dollars.

“Over the last 24 hours, the FBI tracked cryptocurrency stolen by the Democratic People’s Republic of Korea (DPRK) TraderTraitor-affiliated actors (also known as Lazarus Group and APT38). The FBI believes the DPRK may attempt to cash out the bitcoin worth more than $40 million dollars,” the FBI says.

According to the agency, TraderTraitor-affiliated hackers stole $60 million and $37 million in cryptocurrency from Alphapo and CoinsPaid in July, and $100 million from Atomic Wallet in June.

Previously, the hackers stole crypto assets in attacks against Harmony’s Horizon bridge and Sky Mavis’ Ronin Bridge.

“Private sector entities should examine the blockchain data associated with these addresses and be vigilant in guarding against transactions directly with, or derived from, the addresses,” the FBI says.

In April 2023, the US government warned that the North Korea-linked Lazarus Group, which has been blamed for numerous high-profile cyberattacks, was targeting entities and exchanges in the blockchain and cryptocurrency industry to generate and launder funds.

Based on the shared indicators of compromise associated with this campaign, which the US government named TraderTraitor, GitHub linked North Korea to social engineering attacks targeting employees at technology firms in July.

Advertisement. Scroll to continue reading.

North Korean hackers were also blamed for the July cyberattack on JumpCloud, for the 3CX hack, and for the AppleJeus operation.

Related: US, South Korea Detail North Korea’s Social Engineering Techniques

Related: US Sanctions North Korean University for Training Hackers

Related: North Korean Hackers Target Mac Users With New ‘RustBucket’ Malware

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Jeremy Koppen has left Mandiant after 13 years to become the CISO of Equifax.

Engineering and technology solutions provider Amentum has appointed Max Shier as its CISO.

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.