FBI Warns of $41 Million Virtual Currency Theft by Lazarus Group
The Federal Bureau of Investigation (FBI) is cautioning the public about the theft of approximately $41 million in virtual currency from Stake.com, an online casino and betting platform. The FBI has confirmed that the theft occurred around September 4, 2023, and attributes it to the Lazarus Group, also known as APT38, which consists of cyber actors from North Korea.
According to the FBI investigation, the DPRK cyber actors moved the stolen funds, which were held on the Ethereum, Binance Smart Chain, and Polygon networks, from Stake.com to specific virtual currency addresses. The Lazarus Group is also responsible for several other high-profile international virtual currency heists. In 2023 alone, the group has stolen more than $200 million.
Among their recent thefts, the DPRK cyber actors stole approximately $60 million of virtual currency from Alphapo and CoinsPaid on or about July 22, 2023, and approximately $100 million of virtual currency from Atomic Wallet around June 2, 2023. The FBI previously released information on the DPRK’s attacks against Harmony’s Horizon Bridge and Sky Mavis’ Ronin Bridge and issued a cybersecurity advisory on TraderTraitor.
In 2019, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the Lazarus Group. Private sector entities are encouraged to review the previously released Cyber Security Advisory on TraderTraitor. They should also examine the blockchain data associated with the virtual currency addresses the FBI identified and remain vigilant in guarding against transactions made directly with, or derived from, those addresses.
The FBI is determined to expose and combat the DPRK’s use of illicit activities, including cybercrime and virtual currency theft, to generate revenue for the regime. If you have any information about these crimes, please contact your local FBI field office or report it to the FBI’s Internet Crime Complaint Center at ic3.gov.
The Lazarus Group, also known by aliases such as Guardians of Peace or Whois Team, is a cybercrime group believed to be run by the government of North Korea. Although limited information is available regarding the group, researchers have attributed numerous cyberattacks to them from 2010 to 2021. Originally viewed as a criminal group, the Lazarus Group has now been classified as an advanced persistent threat due to its intended nature, threat level, and diverse range of methods employed during operations. Cybersecurity organizations have assigned various names to them, including Hidden Cobra (used by the United States Department of Homeland Security) and Zinc (by Microsoft).