The Federal Bureau of Investigation has published information on six cryptocurrency wallets operated by North Korean hackers and believed to be holding stolen funds.
The cryptocurrency addresses, the FBI says, hold roughly 1,580 Bitcoin that are likely related to the recent theft of cryptocurrency assets worth hundreds of millions of dollars.
“Over the last 24 hours, the FBI tracked cryptocurrency stolen by the Democratic People’s Republic of Korea (DPRK) TraderTraitor-affiliated actors (also known as Lazarus Group and APT38). The FBI believes the DPRK may attempt to cash out the bitcoin worth more than $40 million dollars,” the FBI says.
Previously, the hackers stole crypto assets in attacks against Harmony’s Horizon bridge and Sky Mavis’ Ronin Bridge.
“Private sector entities should examine the blockchain data associated with these addresses and be vigilant in guarding against transactions directly with, or derived from, the addresses,” the FBI says.
In April 2023, the US government warned that the North Korea-linked Lazarus Group, which has been blamed for numerous high-profile cyberattacks, was targeting entities and exchanges in the blockchain and cryptocurrency industry to generate and launder funds.
Based on the shared indicators of compromise associated with this campaign, which the US government named TraderTraitor, GitHub linked North Korea to social engineering attacks targeting employees at technology firms in July.