FBI Tells Crypto Exchanges to Block Lazarus Hackers’ Wallets

The feds are making a push to block North Korean hackers from cashing in on stolen crypto, advising exchanges to keep an eye out for transactions involving six key wallets.

Lazarus Group, also known as APT38 and TraderTraitor, are known to have stolen hundreds of millions of dollars in cryptocurrency in a series of heists, the FBI says.

“Over the last 24 hours, the FBI tracked cryptocurrency stolen by the Democratic People's Republic of Korea (DPRK) TraderTraitor-affiliated actors (also known as Lazarus Group and APT38),” reads the press release.

The feds say the cybercrooks are trying to cash out stolen Bitcoin worth more than $40 million. The agency urges brokerages and exchanges to watch out for transactions involving six wallets traced to the cybercrime ring.

“The FBI investigation found the TraderTraitor-affiliated actors moved approximately 1,580 bitcoin from several cryptocurrency heists,” says the fed, “and are currently holding those funds in following bitcoin addresses:

3LU8wRuZnXP4UM8Yo6kkTiGHM9BubgyiG

39idqitN9tYNmq3wYanwg3MitFB5TZCjWu

3AAUBbKJorvNhEUFhKnep9YTwmZECxE4Nk

3PjNaSeP8GzLjGeu51JR19Q2Lu8W2Te9oc

3NbdrezMzAVVfXv5MTQJn4hWqKhYCTCJoB

34VXKa5upLWVYMXmgid6bFM4BaQXHxSUoL”

The FBI blames Lazarus for several high-profile international cryptocurrency heists, including: the $60 million theft of virtual currency from Alphapo on June 22, 2023; the $37 million theft of virtual currency from CoinsPaid on June 22, 2023; and the $100 million theft of virtual currency from Atomic Wallet on June 2, 2023.

Atomic Wallet confirmed as much in June, notifying customers that a large-scale hack caused the centralized storage and wallet service to lose tokens exceeding $35 million. In the aftermath, Atomic said the hack affected only 1% of monthly active users. At the time, the blockchain interface advised users to transfer any remaining funds to another wallet immediately to prevent further losses.

Scammers soon began exploiting the hack, setting up phony Twitter accounts announcing a limited $1.2 million refund for potential victims.

The FBI previously provided information on their attacks against Harmony’s Horizon bridge and Sky Mavis’ Ronin Bridge.

The feds are now instructing private sector entities to “examine the blockchain data associated with these addresses and be vigilant in guarding against transactions directly with, or derived from, the addresses.”