FBI flags imminent sale of $40M in stolen crypto funds linked to North Korea
The stolen funds are said to derive from several hacks this year, including $60 million from Alphapo and $37 million from CoinsPaid
ozrimoz/Shutterstock, modified by Blockworks
The FBI has issued a warning to crypto companies over recent blockchain activities tied to the theft of hundreds of millions of dollars by the Democratic People’s Republic of Korea (DPRK).
TraderTraitor-affiliated actors, also known as the Lazarus Group and APT38, are accused by the state of siphoning off funds from several crypto protocols and projects last year.
Over the last 24 hours, the FBI said it has tracked about 1,580 bitcoin (BTC), worth more than $40 million, stolen by the DPRK and held in six Bitcoin addresses. The Bureau believes the DPRK may attempt to liquidate the digital assets held therein, according to a statement.
Private sector entities are urged to examine the recent blockchain data linked to the addresses provided by the FBI on Tuesday and be vigilant against transactions directly with or derived from them.
“The FBI will continue to expose and combat the DPRK’s use of illicit activities — including cybercrime and virtual currency theft — to generate revenue for the regime,” it said in a statement.
Among the high-profile international crypto heists attributed to DPRK includes the theft of $60 million from payment providers Alphapo on June 22 and $37 million from CoinsPaid on the same day. A further $100 million from Atomic Wallet at the start of that month has also been flagged.
The thefts from Lazarus last year prompted warnings from several nations, including Japanese local authorities, to provide preventive measures against further attacks. On Monday, cybersecurity firm Palo Alto Networks’ CEO Nikesh Arora told CNBC in an interview, that companies needed to beef up and modernize their systems in a bid to shield themselves from “bad actors.”
The FBI previously confirmed attacks against Harmony’s Horizon bridge and Sky Mavis’ $625 million hack on Ethereum-linked sidechain Ronin Bridge last year, alongside a Cybersecurity Advisory on TraderTraitor.
Lazarus made attempts to move funds worth $63 million linked to the Horizon bridge, though concerted efforts from the industry, including exchanges, blocked the transfers.
In April, the US Treasury’s Office of Foreign Assets Control sanctioned three individuals, Wu Huihui, Cheng Hung Man and Sim Hyon Sop with alleged ties to the group.
Get the news in your inbox. Explore Blockworks newsletters:
- Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
- Empire: Start your morning with the top news and analysis to inform your day in crypto.
- Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
- 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
- Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
- The Drop: For crypto collectors and traders, covering apps, games, memes and more.
- Supply Shock: Tracking Bitcoin’s rise from internet plaything worth less than a penny to global phenomenon disrupting money as we know it.
