The US Federal Bureau of Investigation (FBI) warned on Tuesday that threat actors linked to North Korea may be attempting to cash out stolen cryptocurrency worth more than $40 million.
The law enforcement agency attributed the blockchain activity to an adversary named TraderTraitor, also known by the US government as Jade Sleet.
An FBI investigation found that the group moved approximately 1,580 bitcoins from multiple cryptocurrency heists and currently holds those funds in six different wallets.
North Korea is known for blurring the lines between cyber warfare, espionage and financial crime. TraderTraitor, in particular, has been linked to a series of attacks targeting blockchain and cryptocurrency exchanges with the goal of legitimizing digital assets in order to generate illegal revenue for the sanctions-hit nation.
This includes the theft of $60 million in virtual currency from AlphaPo on June 22, 2023; the theft of $37 million in virtual currency from CoinsPaid on June 22, 2023; and the theft of $100 million in virtual currency from Atomic Wallet on June 2, 2023, as well as attacks targeting Sky Mavis' Ronin Network and Harmony Horizon Bridge last year.
The cluster overlaps with another North Korean group called APT38 (aka BlueNoroff or Stardust Chollima), which is, in turn, part of the larger Lazarus Group. Google-owned Mandiant last month also linked TraderTraitor to UNC4899, a hacking crew blamed for the late June 2023 JumpCloud hack.
According to data compiled by blockchain intelligence firm TRM Labs, North Korean hackers are estimated to have stolen over $2 billion in cryptocurrencies since 2018 as part of a series of 30 attacks, with $200 million stolen in 2023 alone.
“Private sector entities should examine the blockchain data associated with these addresses and be alert to transactions made or received directly from these addresses,” the FBI said.