The FBI has tracked hundreds of millions of dollars in cryptocurrency stolen by the Democratic People’s Republic of Korea (DPRK) TraderTraitor-affiliated actors, more commonly referred to as Lazarus Group or APT38, and is now warning cryptocurrency companies of this malicious blockchain activity.

In an investigation, the FBI found that these threat actors moved 1,580 bitcoins from multiple cryptocurrency heists and are holding the funds in six different bitcoin addresses. The group may attempt to cash out the stolen cryptocurrency, amounting to more than $40 million.

This cybercrime group was also responsible for multiple high-profile heists in June spanning multiple countries, including $60 million of the virtual currency from Alphapo, $37 million from CoinsPaid, and $100 million from Atomic Wallet.

The federal agency recommends that private sector entities examine these bitcoin addresses as well as any blockchain data associated with them. These entities should also be hyperaware of guarding against transactions from these particular addresses: 

1. 3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG
2. 39idqitN9tYNmq3wYanwg3MitFB5TZCjWu
3. 3AAUBbKJorvNhEUFhKnep9YTwmZECxE4Nk
4. 3PjNaSeP8GzLjGeu51JR19Q2Lu8W2Te9oc
5. 3NbdrezMzAVVfXv5MTQJn4hWqKhYCTCJoB
6. 34VXKa5upLWVYMXmgid6bFM4BaQXHxSUoL

“The FBI will continue to expose and combat the DPRK’s use of illicit activities — including cybercrime and virtual currency theft — to generate revenue for the regime,” the agency said in a statement. “If you have any information to provide, please contact your local FBI field office or the FBI’s Internet Crime Complaint Center at ic3.gov.”