

August 24, 2023
Severity
High
Analysis Summary
The Federal Bureau of Investigation (FBI) has published six Bitcoin addresses linked to North Korea-affiliated threat actors. Together the wallets hold around 1,580 BTC, worth approximately $41 million, which the FBI believes derives from recent thefts of hundreds of millions of dollars in cryptocurrency.
The FBI notice warns cryptocurrency companies about blockchain activity associated with the thefts and attributes the stolen funds to actors affiliated with the Democratic People’s Republic of Korea (DPRK), specifically TraderTraitor, also tracked as Lazarus Group and APT38. The FBI expects the DPRK to attempt to cash out the Bitcoin.
The investigation revealed that these TraderTraitor-linked actors moved the stolen Bitcoin from several cryptocurrency heists to six specific wallets, identified by their addresses:
- 3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG
- 39idqitN9tYNmq3wYanwg3MitFB5TZCjWu
- 3AAUBbKJorvNhEUFhKnep9YTwmZECxE4Nk
- 3PjNaSeP8GzLjGeu51JR19Q2Lu8W2Te9oc
- 3NbdrezMzAVVfXv5MTQJn4hWqKhYCTCJoB
- 34VXKa5upLWVYMXmgid6bFM4BaQXHxSUoL
The DPRK-affiliated actors targeted several platforms, including Atomic Wallet, Alphapo and CoinsPaid, stealing roughly $100 million from Atomic Wallet, $60 million from Alphapo and $37 million from CoinsPaid.
This isn’t the first instance of North Korean APT groups targeting cryptocurrencies. Previous operations include attacks on Harmony’s Horizon bridge and Sky Mavis’ Ronin Bridge.
According to data aggregated by a blockchain intelligence firm, North Korea-affiliated actors have stolen more than $2 billion in cryptocurrency since 2018 across roughly 30 attacks, including approximately $200 million in 2023 alone.
The FBI advises private entities to carefully analyze blockchain data related to the identified wallet addresses and be cautious when engaging in transactions involving these addresses.
“Private sector entities should examine the blockchain data associated with these addresses and be vigilant in guarding against transactions directly with, or derived from, the addresses,” the notice concludes.
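The screening the notice asks for, as an added example that is not part of the original alert or of the FBI notice: a Python script that (1) checks each published address with Base58Check, so a corrupted character in a copied denylist is caught instead of silently matching nothing, and (2) flags deposits sent directly from a listed address, or derived from one within a configurable number of hops. The address-level ledger model, the txids, the ADDR_* labels and the BLOCK/REVIEW/CLEAR policy are constructed for illustration; production screening would query a full node or a chain-analysis provider at UTXO level.

```python
"""Screen Bitcoin activity against the six FBI-published TraderTraitor addresses.

Added example (not the alert's or the FBI's code). Two checks a screening team needs:
  1. IOC hygiene: every denylisted address must pass Base58Check.
  2. Exposure: flag deposits directly from a listed address, or derived from one
     within max_hops spends ("transactions directly with, or derived from").
"""
import hashlib

# The six addresses exactly as published in the FBI notice reproduced above.
# Base58 is case-sensitive: never lower()/upper() these or the candidates.
IOC_ADDRESSES = frozenset({
    "3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG",
    "39idqitN9tYNmq3wYanwg3MitFB5TZCjWu",
    "3AAUBbKJorvNhEUFhKnep9YTwmZECxE4Nk",
    "3PjNaSeP8GzLjGeu51JR19Q2Lu8W2Te9oc",
    "3NbdrezMzAVVfXv5MTQJn4hWqKhYCTCJoB",
    "34VXKa5upLWVYMXmgid6bFM4BaQXHxSUoL",
})

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check_decode(addr: str):
    """Return the 21-byte payload (version byte + hash160) of a legacy/P2SH address,
    or None if a character is outside the alphabet, the decoded length is not 25,
    or the trailing 4-byte checksum != SHA256(SHA256(payload))[:4]."""
    n = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return None
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    # Each leading '1' encodes a leading 0x00 byte that the integer form drops.
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + body
    if len(raw) != 25:
        return None
    payload, checksum = raw[:21], raw[21:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        return None
    return payload


def invalid_iocs(addresses=IOC_ADDRESSES):
    """Denylist entries that fail Base58Check; a non-empty result means a bad copy."""
    return sorted(a for a in addresses if base58check_decode(a) is None)


def derived_addresses(ledger, seeds, max_hops):
    """Forward-trace spends: an address is tainted at hop h if a transaction spending
    from a hop h-1 address paid it. Hop 0 is a listed address itself. This is an
    address-level approximation of the UTXO graph (constructed model, see lead-in)."""
    hops = {a: 0 for a in seeds}
    frontier = set(seeds)
    for hop in range(1, max_hops + 1):
        reached = set()
        for tx in ledger.values():
            if any(src in frontier for src in tx["inputs"]):
                for dst, _amount in tx["outputs"]:
                    if dst not in hops:          # keep the closest hop only
                        hops[dst] = hop
                        reached.add(dst)
        frontier = reached
        if not frontier:
            break
    return hops


def screen_deposit(ledger, sender_addresses, max_hops=2):
    """Policy (constructed): funds directly from a listed address -> ("BLOCK", 0);
    funds within max_hops -> ("REVIEW", hop); otherwise ("CLEAR", None).
    The closest hop among all sending addresses decides."""
    taint = derived_addresses(ledger, IOC_ADDRESSES, max_hops)
    hits = [taint[a] for a in sender_addresses if a in taint]
    if not hits:
        return ("CLEAR", None)
    closest = min(hits)
    return ("BLOCK", 0) if closest == 0 else ("REVIEW", closest)


# Constructed sample ledger: txids and ADDR_* labels are placeholders, not chain data.
SAMPLE_LEDGER = {
    "tx1": {"inputs": ["3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG"],
            "outputs": [("ADDR_A", 50_000_000),
                        ("3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG", 10_000)]},  # change back
    "tx2": {"inputs": ["ADDR_A"], "outputs": [("ADDR_B", 49_990_000)]},
    "tx3": {"inputs": ["ADDR_B"], "outputs": [("ADDR_C", 49_980_000)]},
    "tx4": {"inputs": ["ADDR_D"], "outputs": [("ADDR_E", 1_000_000)]},  # unrelated flow
}

if __name__ == "__main__":
    print("IOCs failing Base58Check:", invalid_iocs())
    for sender in (["3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG"], ["ADDR_B"], ["ADDR_C"], ["ADDR_E"]):
        print(sender, "->", screen_deposit(SAMPLE_LEDGER, sender, max_hops=2))
```

The same taint map should be consulted for withdrawal destinations, not only inbound deposits, and the hop limit is a policy choice: too small and layered funds pass, too large and unrelated customers are swept up for review.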
The notice reflects ongoing cooperation between law enforcement and the cryptocurrency industry, and it underscores the severity of the threats the industry faces. It also shows how that cooperation works in practice: law enforcement publishes attribution and indicators, and exchanges, payment processors and other stakeholders screen their transaction flows against them, so that security keeps pace with the opportunities of the digital asset market despite sophisticated intrusions and regulatory hurdles.
Impact
- Financial Loss
- Crypto Theft
Recommendations
- Cryptocurrency companies should bolster their overall security posture with multi-factor authentication (MFA) on all administrative and wallet-signing access, strict access controls, and encryption of private keys and sensitive data at rest and in transit.
- Develop and regularly update an incident response plan that outlines the steps to take in case of a security breach. Test the plan through simulations to ensure its effectiveness.
- Conduct regular security audits and vulnerability assessments to identify and remediate potential weaknesses within cryptocurrency platforms and wallets.
- Educate users about security best practices, including how to recognize phishing attempts, safeguard private keys, and enable strong authentication methods.
- Perform red team exercises to simulate attacks and identify vulnerabilities.
- Deploy advanced threat detection tools that monitor for anomalous activities and unauthorized access attempts on cryptocurrency platforms.
- Work closely with law enforcement agencies to provide necessary information, cooperate during investigations, and aid in tracking down threat actors.
- Maintain transparent communication with users and stakeholders about security incidents, the measures taken to mitigate risks, and any recommended actions.
- Implement continuous monitoring of networks and systems to quickly detect and respond to any suspicious activities or unauthorized access.
- Be aware of geopolitical tensions and political developments that might impact the threat landscape. Such awareness can inform security strategies.