FBI notifies exchanges of funds linked to North Korean Hackers, flags six wallets

The FBI flagged six wallets used by hackers and asked for caution from crypto firms.

The Federal Bureau of Investigation (FBI) has identified wallets belonging to North Korean hackers preparing to cash out millions of dollars.

The group behind the attacks is a well-known group of hackers from the hermit country.

FBI flags six wallets

On Tuesday, the FBI notified crypto exchanges and companies about recent blockchain activity linked to North Korean hackers. The activity involved the cash-out of $40M in cryptocurrency by the hackers known as the Lazarus Group, or as APT38 and “TraderTraitor.”

The FBI noted that the group moved around 1,580 BTC from several crypto heists.

In the press release, the agency published the list of the flagged wallets associated with North Korea’s hacking group:


The Office of Foreign Assets Control of the US Treasury sanctioned individuals in April after the FBI previously revealed attacks against multiple crypto companies. The FBI notification is part of a larger move to combat the DPRK’s aggressive cybercrime tactics, including virtual currency theft.

“The FBI will continue to expose and combat the DPRK’s use of illicit activities — including cybercrime and virtual currency theft — to generate revenue for the regime,” the FBI said.

Lazarus Group notorious for several thefts

According to the FBI statement, the hackers are associated with: “the $60 million theft of virtual currency from Alphapo on June 22, 2023; the $37 million theft of virtual currency from CoinsPaid on June 22, 2023; and the $100 million theft of virtual currency from Atomic Wallet on June 2, 2023.”

The involvement of North Korean hackers in crypto theft is not new. On June 22, 2023, the Lazarus group stole digital assets from the Alphapo payment platform. It also committed a $37 million theft on the same day, taking advantage of cryptocurrency payment service provider CoinsPaid.

In June, the group also stole from Atomic Wallet. The breach saw hackers compromise about 5,000 customer wallets to steal over $100M. Elliptic, a blockchain analysis firm, said that it was confident that the Lazarus Group was behind the hack, stating that the hack followed “a series of steps that exactly match those employed to launder the proceeds of past hacks perpetrated by Lazarus Group.”

Yesterday, the US Department of Justice (DOJ) and the Treasury, in a coordinated effort, arrested and charged the founders of the crypto mixing service Tornado Cash. The founders are also accused of facilitating money laundering for the Lazarus Group.

TRM Labs, a blockchain intelligence firm, claimed that North Korean hackers had stolen about $2B in cryptocurrencies over the course of more than 30 attacks since 2018, including nearly $1B in 2022 alone. According to the firm, Lazarus Group has stolen about $200M in 2023 so far, or more than 20% of all the cryptocurrency stolen this year.
