FBI warns that North Korean hackers are trying to cash bit coins worth about 6 billion yen stolen



Of the hundreds of millions of dollars worth of Bitcoin stolen in 2022 by the North Korean hacker group

TraderTraitor , known as the Lazarus Group or APT38, $40 million The US Federal Bureau of Investigation (FBI) has warned virtual currency companies that they are trying to convert more Bitcoins.

FBI Identifies Cryptocurrency Funds Stolen by DPRK — FBI
https://www.fbi.gov/news/press-releases/fbi-identifies-cryptocurrency-funds-stolen-by-dprk






FBI: Lazarus hackers readying to cash out $41 million in stolen crypto
https://www.bleepingcomputer.com/news/security/fbi-lazarus-hackers-readying-to-cash-out-41-million-in-stolen-crypto/
FBI warns North Korean hackers poised to cash out more than $40 million in bitcoin |
https://www.theblock.co/post/246942/fbi-warns-north-korean-hackers-poised-to-cash-out-more-than-40-million-in-bitcoin

On August 22, 2023, the FBI transferred about 1,580 bitcoins (equivalent to about 6 billion yen) illegally obtained from several cryptocurrency hacks by TraderTraitor officials, divided them into 6 bitcoin addresses, and stored them. announced that it had identified what it was doing. Below is the bitcoin address used by TraderTraitor published by the FBI.

3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG
39idqitN9tYNmq3wYanwg3MitFB5TZCjWu
3AAUBbKJorvNhEUFhKnep9YTwmZECxE4Nk
3PjNaSeP8GzLjGeu51JR19Q2Lu8W2Te9oc
3NbdrezMzAVVfXv5MTQJn4hWqKhYCTCJoB
34VXKa5upLWVYMXmgid6bFM4BaQXHxSUoL


By disclosing the bitcoin addresses used by TraderTraitor, the FBI allows private companies that handle cryptocurrencies to investigate the blockchain data associated with these addresses, allowing them to conduct direct transactions with or from such addresses. We are urging caution not to do business with derived addresses.

In addition, the FBI has reported about 60 million dollars (about 8.7 billion yen) of virtual currency stolen from the virtual currency payment provider ' Alphapo ' in July 2023, and about 60 million dollars from the virtual currency wallet provider ' CoinsPaid '. We are reporting that TraderTraitor's involvement in the illegal outflow of virtual currency worth 37 million dollars (about 5.4 billion yen) has been confirmed.



At the time of the incident, CoinsPaid said, ``Employees were tricked by phishing emails and downloaded software containing malware, resulting in an unauthorized intrusion into the system.'' According to overseas media The Block, phishing scams and methods of downloading software containing malware are common methods for TraderTraitor to steal virtual currency.

Not only has it been reported by South Korean intelligence agencies that a North Korean hacker group has stolen cryptocurrencies worth a total of 1.5 trillion won (approximately 160 billion yen) over the five years from 2018 to 2022. It has also been reported that the stolen virtual currency is being used for activities important to the North Korean government, such as the development of ballistic missiles and nuclear weapons.

In North Korea, theft of virtual currency is one of the regime's main sources of income - GIGAZINE



The FBI criticized North Korea by name, saying, ``North Korea is engaged in illegal activities such as cybercrime and virtual currency theft,'' and ``FBI will continue to fight these crimes that are a source of income for the North Korean government.'' said.

in Security, Posted by log1r_ut