FBI flags imminent sale of $40M in stolen crypto funds linked to North Korea

The stolen funds are said to derive from several hacks this year, including $60 million from Alphapo and $37 million from CoinsPaid


ozrimoz/Shutterstock, modified by Blockworks


The FBI has issued a warning to crypto companies over recent blockchain activities tied to the theft of hundreds of millions of dollars by the Democratic People’s Republic of Korea (DPRK).

TraderTraitor-affiliated actors, also known as the Lazarus Group and APT38, are accused by the state of siphoning off funds from several crypto protocols and projects last year.

Over the last 24 hours, the FBI said it has tracked about 1,580 bitcoin (BTC), worth more than $40 million, stolen by the DPRK and held in six Bitcoin addresses. The Bureau believes the DPRK may attempt to liquidate the digital assets held therein, according to a statement.

Private sector entities are urged to examine the recent blockchain data linked to the addresses provided by the FBI on Tuesday and be vigilant against transactions directly with or derived from them.

“The FBI will continue to expose and combat the DPRK’s use of illicit activities — including cybercrime and virtual currency theft — to generate revenue for the regime,” it said in a statement.

Among the high-profile international crypto heists attributed to DPRK includes the theft of $60 million from payment providers Alphapo on June 22 and $37 million from CoinsPaid on the same day. A further $100 million from Atomic Wallet at the start of that month has also been flagged.

The thefts from Lazarus last year prompted warnings from several nations, including Japanese local authorities, to provide preventive measures against further attacks. On Monday, cybersecurity firm Palo Alto Networks’ CEO Nikesh Arora told CNBC in an interview, that companies needed to beef up and modernize their systems in a bid to shield themselves from “bad actors.”

The FBI previously confirmed attacks against Harmony’s Horizon bridge and Sky Mavis’ $625 million hack on Ethereum-linked sidechain Ronin Bridge last year, alongside a Cybersecurity Advisory on TraderTraitor. 

Lazarus made attempts to move funds worth $63 million linked to the Horizon bridge, though concerted efforts from the industry, including exchanges, blocked the transfers.

In April, the US Treasury’s Office of Foreign Assets Control sanctioned three individuals, Wu Huihui, Cheng Hung Man and Sim Hyon Sop with alleged ties to the group.

Don’t miss the next big story – join our free daily newsletter.


Upcoming Events

MON - WED, MARCH 18 - 20, 2024

Digital Asset Summit (DAS) is returning March 2024. What you can expect: And more! Don’t miss out on the opportunity to be in the room when the future of crypto is decided. Join us and help shape the future of our […]

recent research

Research report - cover graphics-2.jpg


Base has doubled-down on its commitment to the Superchain vision, has shown early signs of success with nearly $400M in TVL, and has become home to novel dapps such as friend.tech which has seen significant traction.


Certain creditors could be repaid sooner, with one hedge fund exec telling Blockworks it expects a payout by the end of the year


Busan is South Korea’s second largest city with a population around 3.4 million


Cyprus granted eToro crypto registration, setting the groundwork for the company to operate crypto services post-MiCa rollout



These are the best tools and practices you can leverage to defend against crypto market volatility


The agency alleges around 1,160 customers used the margin product, losing about $8.35 million since Oct. 2021.


On Thursday, the Securities and Futures Commission issued a statement disavowing any communication with JPEX saying that the platform is unlicensed