DPRK cyber crooks may try to cash out $40m in crypto • The Register

Lazarus Group, the infamous cryptocurrency thieves backed by North Korea, may try to liquidate a stash of stolen Bitcoin worth more than $40 million, according to the FBI.

In an alert issued on Tuesday, agents said they tracked the purloined cryptocurrency over the past 24 hours. During the investigation, they found that Kim Jong Un’s cyber goons, which the FBI calls TraderTraitor and is more widely known as Lazarus Group, moved about 1,580 Bitcoin from several cryptocurrency heists, and are currently holding those funds in these six wallets:

1. 3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG
2. 39idqitN9tYNmq3wYanwg3MitFB5TZCjWu
3. 3AAUBbKJorvNhEUFhKnep9YTwmZECxE4Nk
4. 3PjNaSeP8GzLjGeu51JR19Q2Lu8W2Te9oc
5. 3NbdrezMzAVVfXv5MTQJn4hWqKhYCTCJoB
6. 34VXKa5upLWVYMXmgid6bFM4BaQXHxSUoL

One BTC is worth $26,500 at time of writing.

Uncle Sam has urged organizations to not accept transactions with the above wallets, and said it believes the gang may try to cash out.

“Private sector entities should examine the blockchain data associated with these addresses and be vigilant in guarding against transactions directly with, or derived from, the addresses,” the FBI warned.

This and other DPRK-sponsored groups are famous for plotting and pulling off multi-million crypto heists, laundering the money, and then sending it back to North Korea to fund the regime’s nuclear and missile development programs.

Most recently, on June 22 Lazarus Group stole $60 million in virtual currency from Alphapo, which processes payments for gambling services. On the same day, the thieves pocketed $37 million in cryptocurrency from CoinsPaid, and earlier that month they drained $100 million from Atomic Wallet accounts.

The North Korean gang was also behind last year’s multi-million attacks on Harmony’s Horizon bridge ($100 million) and Ronin Network, where they stole about $620 million in the largest-ever virtual currency heist.

Uncle Sam has previously put a $5 million bounty on information that helps disrupt North Korea’s cryptocurrency theft, cyber-espionage, and other illicit state-backed activities. 

And in April, the Feds indicted three men for their roles in money-laundering conspiracies designed to channel ill-gotten cryptocurrency gains into North Korea’s weapons programs.

Earlier this month private-sector security researchers said Lazarus Group and ScarCruft, another North Korean-backed crew, were behind a six-month-long cyber-espionage campaign to steal Russian military tech.

According to SentinelOne, the criminals broke into Russian missile and satellite developer NPO Mashinostoyeniya’s internal systems, compromised the defense firm’s email server, and deployed a Windows backdoor, OpenCarrot, which enables total takeover of infected machines and coordination across an infected network. ®