On Tuesday, the U.S. Federal Bureau of Investigation (FBI) warned that hackers affiliated with North Korea may have made attempts to cash out more than $40 million in stolen cryptocurrencies.
The law enforcement agency conducted an investigation and found blockchain activity related to an adversary known as TraderTraitor, who has been strongly linked to a string of attacks targeting blockchain networks and cryptocurrency exchanges.
FBI Locates Stolen Crypto Laundered By North Korean Hackers
The hacker group, which also goes by the name Jade Sleet, was found to have moved 1,580 Bitcoin, worth approximately $41.8 million and linked to several cryptocurrency exchange heists, over the last 24 hours. The tokens in question are said to be held in six different wallets.
North Korea has been notorious for using hacker groups to attack financial firms and steal their assets to generate illicit revenue and fund the sanctions-hit nation’s weapons of mass destruction (WMD) programs.
In a statement released on August 22, the FBI said it will continue to expose and combat the Democratic People’s Republic of Korea’s (DPRK) use of illicit activities like cybercrime and cryptocurrency theft to generate revenue for its regime.
Hackers Linked To The DPRK Have Stolen Over $2 Billion In Cryptocurrencies Since 2018
According to blockchain intelligence firm TRM Labs, hackers affiliated with the DPRK have stolen more than $2 billion in cryptocurrencies in a series of 30 attacks since 2018.
Lazarus Group and APT38, two of the most notorious North Korean hacker groups, were behind a number of crypto-related hacks over the last few years.
So far this year, $200 million in cryptocurrencies have been stolen by the cluster.
This includes the $60 million exploit of Alphapo's hot wallets, the $37 million worth of digital currencies stolen from crypto payment gateway CoinsPaid, and the Atomic Wallet hack that cost the platform $100 million in cryptocurrencies, all of which took place in June.
Earlier this year, the FBI confirmed that Lazarus Group was behind the $100 million hack of Harmony Protocol in June 2022. The agency reported that the group had laundered over $60 million in stolen ETH, six months after the attack, through a privacy protocol called RAILGUN in an attempt to hide its transactions. The hackers targeted a cross-chain bridge that connected Harmony to the Ethereum, Bitcoin, and Binance Chain blockchains.
Similarly, in April 2022, the U.S. government held Lazarus responsible for the hack of Ronin Network, the Ethereum sidechain used by the play-to-earn game Axie Infinity.
The exploit had taken place a month earlier, when the bridge connecting Ronin to the Ethereum mainnet was attacked using private keys the attackers had stolen from the network's administrators.
The culprits used the administrator keys to transfer cryptocurrencies worth $622 million from five of the nine active validator nodes on the Ronin Network. The loot included 173,600 wrapped Ether (WETH) and 25.5 million USDC stablecoin, making it the second-largest DeFi hack in history.
Last month, blockchain security firm Mandiant linked TraderTraitor to UNC4899, the hacking group held responsible for the June breach of the American enterprise software company JumpCloud.
Mandiant found that the attackers create fake resumes for remote job openings listed by crypto companies in an effort to get hired and gain access to their internal systems.
U.S. Government Sanctions Tornado Cash For Obscuring Illicit Crypto Transactions
In response to the events, the U.S. Treasury Department sanctioned Tornado Cash for allowing North Korean hackers to launder the stolen virtual assets. Tornado Cash is a protocol that allows users to transfer cryptocurrencies from one wallet to another via different addresses, making it harder to track the location of the original wallet.
The U.S. government said the Ethereum-based “crypto mixer” was used by the Lazarus Group to launder $455 million in stolen cryptocurrencies.
According to data released by cybersecurity firm Nansen, an estimated 18% of Ether transferred through Tornado Cash in recent months belonged to the Ronin hack.
The FBI has issued a stern warning to U.S. private sector companies, asking them to examine the blockchain data associated with the sanctioned addresses and be vigilant in guarding against transactions “directly with, or derived from” the wallets.
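One way a compliance or security team could implement that screening, as an added example that is not from the article or from the FBI: flag a deposit whose counterparty is itself a sanctioned address ("directly with") and trace funds a few hops upstream to catch flows "derived from" a sanctioned wallet. The addresses and transactions below are constructed placeholders; a real check would load the published sanctioned address list and query actual chain data.

```python
from collections import deque

# Constructed sample data, not real addresses or transactions: each
# entry is (sender, receiver, amount) on a toy transaction graph.
SANCTIONED = {"0xSANCTIONED_A", "0xSANCTIONED_B"}

TRANSACTIONS = [
    ("0xSANCTIONED_A", "0xhop1", 10.0),
    ("0xhop1", "0xhop2", 9.5),
    ("0xhop2", "0xcustomer_x", 9.0),
    ("0xclean_src", "0xcustomer_y", 5.0),
    ("0xSANCTIONED_B", "0xcustomer_z", 1.0),
]


def build_graph(txs):
    """Map each receiving address to the set of addresses that sent it funds."""
    incoming = {}
    for sender, receiver, _amount in txs:
        incoming.setdefault(receiver, set()).add(sender)
    return incoming


def taint_distance(address, incoming, sanctioned, max_hops=3):
    """Hops back to the nearest sanctioned address (0 if the address itself
    is sanctioned), or None if none is found within max_hops. Breadth-first
    search upstream, so the shortest path is found first."""
    if address in sanctioned:
        return 0
    seen = {address}
    queue = deque([(address, 0)])
    while queue:
        current, depth = queue.popleft()
        if depth >= max_hops:  # do not look further back than the hop limit
            continue
        for sender in incoming.get(current, ()):
            if sender in sanctioned:
                return depth + 1
            if sender not in seen:
                seen.add(sender)
                queue.append((sender, depth + 1))
    return None


def screen_deposit(counterparty, txs=TRANSACTIONS, sanctioned=SANCTIONED, max_hops=3):
    """Classify an inbound deposit as 'direct' (counterparty is sanctioned),
    'derived' (funds trace back to a sanctioned wallet within max_hops) or 'clear'."""
    distance = taint_distance(counterparty, build_graph(txs), sanctioned, max_hops)
    if distance == 0:
        return "direct"
    if distance is not None:
        return "derived"
    return "clear"
```

The hop limit is the policy knob: the three-hop path to 0xcustomer_x is flagged at the default but would pass at max_hops=2, so the limit should be chosen deliberately rather than left at a default.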
The agency also asked businesses not to hire freelancers from North Korea, as they may be hiding their true identity and their connection to the North Korean government.