The US Federal Bureau of Investigation (FBI) discovered that the North Korean hacking collective – the Lazarus Group – has drained cryptocurrencies worth millions of dollars through several attacks in the past few years.

The security agency believes the wrongdoers could soon cash out 1,580 BTC (worth almost $41 million at current prices).

Stay Focused on the Lazarus’ Actions

The FBI released a statement to notify cryptocurrency companies about a potential move that the Lazarus (APT38) is about to make. 

According to the law enforcement organization, the North Korean hackers have স্থানান্তরিত 1,580 of their BTC stash (generated through numerous thefts in the recent past) to six addresses. The FBI thinks this step is a sign of a future sale of those assets (currently worth around $40.8 million). 

“Private sector entities should examine the blockchain data associated with these addresses and be vigilant in guarding against transactions directly with, or derived from, the addresses. The FBI will continue to expose and combat the DPRK’s use of illicit activities—including cybercrime and virtual currency theft—to generate revenue for the regime,” the FBI alerted.

Lazarus has been connected to multiple crypto heists over the past few years, including one of the largest in the industry: the $600 million exploit of Ronin Bridge. The FBI maintained that the collective was also responsible for the $60 million theft of digital currencies from Alphapo in June this year and the breach of Harmony’s Horizon bridge in 2022, which resulted in losses worth $100 million.

The Lazarus Group: North Korea’s Cyber Weapon

The Pyongyang-led cybercrime organization has made the headlines not once or twice over the past decade. According to Wikipedia, the entity was established in 2009 for the purpose of cyberespionage. With the advancement of the cryptocurrency sector, the group shifted its focus, targeting exchanges and all kinds of platforms to drain digital assets from them.

The Lazarus hackers are well-trained to deploy malware of all types onto computer networks and servers. The Center for a New American Security (CNAS) সতর্ক last year that the group employs sophisticated techniques to steal and launder cryptocurrencies:

"এই প্রধান অনুপ্রবেশের মধ্যে একটি পরিশীলিত হ্যাকিং এবং লন্ডারিং কৌশল অন্তর্ভুক্ত ছিল, যার মধ্যে একটি পেশাদার মিশ্রণ পরিষেবা এবং কার্যকলাপকে অস্পষ্ট করার প্রয়াসে নতুন DeFi প্ল্যাটফর্মের ব্যবহার রয়েছে।"

A White House official went further this year, alleging North Korea of funding 50% of its missile experiments via funds stolen by the Lazarus. The blockchain data platform – Chainalysis – আনুমানিক that the entity embezzled approximately $1.7 billion worth of crypto in 2022.