FBI warns North Korean hackers poised to cash out more than $40 million in bitcoin

The U.S. Federal Bureau of Investigation warned crypto operators that entities connected to North Korean hackers may attempt to sell more than $40 million worth of bitcoin.

The intelligence and security service issued a statement today that it had tracked crypto stolen by entities (Lazarus Group and APT38) tied to the Democratic People’s Republic of Korea (DPRK), using tactics called “TraderTraitor.”

“The FBI believes the DPRK may attempt to cash out the bitcoin worth more than $40 million dollars,” the agency said, and added a list of Bitcoin addresses where the funds are currently held, having recently been moved.

“Private sector entities should examine the blockchain data associated with these addresses and be vigilant in guarding against transactions directly with, or derived from, the addresses,” the agency added.

The Lazarus Group in North Korea has consistently targeted the blockchain sector, utilizing spearphishing methods and malicious software to steal cryptocurrency. These attacks often begin with a multitude of spearphishing emails directed at IT employees, aiming to lure the recipients into downloading applications tainted with malware.

The U.S. government refers to these malicious applications as TraderTraitor.

A history of hacks

DPRK's TraderTraitor-affiliated actors tracked by the FBI are responsible for a number of high profile heists, including hits on Alphapo, CoinsPaid and Atomic Wallet.

Last year, the same group had carried out attacks on Harmony’s Horizon Bridge and Sky Mavis’s Ronin Bridge, the latter resulting in the loss of some $540 million.