The FBI has identified the infamous Lazarus hacker group, known for its ties to North Korea, as the mastermind behind a $41 million theft on the website “Stake.” According to the official statement released by the FBI on Wednesday, the shocking heist that rocked the crypto world occurred on or around September 4, 2023.
Also known as APT38, the Lazarus Group has gained notoriety for its involvement in numerous high-profile international cryptocurrency heists. The FBI’s investigation into this latest incident has revealed a concerning cybercrime activity model that links DPRK actors to multiple thefts in the crypto ecosystem.
In 2023 alone, these DPRK actors have managed to siphon off over $200 million from ill-gotten digital wealth. This alarming figure includes approximately $60 million worth of virtual currency stolen from Alphapo and CoinsPaid on July 22, 2023, and $100 million worth of virtual currency looted from Atomic Wallet on June 2, 2023, among others. This serves as clear evidence of the audacity and skill of the Lazarus Group in the realm of cybercrime.
The malicious activities of the Lazarus Group have not gone unnoticed by US officials. The FBI had previously issued warnings and cybersecurity advice regarding DPRK’s attacks on platforms like Harmony’s Horizon Bridge and Sky Mavis’s Ronin Bridge. Furthermore, in 2019, the US Department of the Treasury’s Office of Foreign Assets Control imposed sanctions on the Lazarus Group.
The FBI’s statement serves as a reminder for private sector organizations operating in the cryptocurrency space to remain vigilant. They are urged to review previous cybersecurity advice, especially regarding TraderTraitor, and examine blockchain data associated with identified virtual currency addresses. This could be crucial in protecting against transactions involving these addresses or derived from them.
The FBI, committed to combating illegal activities by DPRK, pledges to continue uncovering cybercrimes and crypto thefts while actively fighting against them. The agency encourages anyone with information about these activities to contact their local FBI field office or the FBI’s Internet Crime Complaint Center.