FBI warns North Korean hackers looking to cash out stolen cryptocurrency worth millions
The FBI is warning cryptocurrency companies to be on the lookout for North Korean cyber thieves cashing out stolen bitcoin valued in the tens of millions of dollars.
North Korean hackers use cybertheft to circumvent sanctions and fund their regime, with the White House estimating that half of North Korea’s missile program is funded via cryptocurrency heists and cyberattacks.
The FBI published an alert this week saying North Korean hackers who were responsible for stealing nearly $200 million worth of cryptocurrency in June want to convert digital money into real funds. In a warning Tuesday, the bureau published identifiers of the bitcoin for companies to watch for.
“Over the last 24 hours, the FBI tracked cryptocurrency stolen by the Democratic People’s Republic of Korea TraderTraitor-affiliated actors (also known as Lazarus Group and APT38),” the FBI said in the warning. “The FBI believes the DPRK may attempt to cash out the bitcoin worth more than $40 million.”
While $40 million is a hefty haul, cyber analysis firm Chainalysis said in February it observed North Korean-linked cybercriminals looting an estimated $1.7 billion worth of cryptocurrency in 2022 alone.
The Biden administration is aware of North Korea’s growing cyber theft operations. Top White House cyber official Anne Neuberger said in May that North Korea’s cyber operations were eating up a “lot of time and thought” in the administration.
The White House estimated half of the funding for North Korea’s missile program came from digital attacks, Ms. Neuberger said at a Center for Strategic and International Studies event in May. She said the Treasury Department was tracking funding for the cyberattacks, and the Defense and State departments were digging for information on the hackers.
North Korea’s digital operations aren’t limited to cyber heists of cryptocurrency holders. For example, North Korean hackers targeted high-level current and former U.S. intelligence officials, media executives and national security scholars as part of a cyber campaign to breach computer networks, The Washington Times reported in June.
The FBI, National Security Agency and State Department partnered with South Korean government agencies to publish an advisory warning of hacking and social engineering threats from North Korea as well.
North Korea’s reputation as a hermit kingdom should not give the financial sector comfort that it’s outside the reach of the regime’s hackers. The cybersecurity firm CrowdStrike this month said it detected a surge in attempted breaches against the financial services sector in the past year, with North Korean cyberattackers appearing to be the most aggressive state-sponsored cybercriminals responsible.