The FBI has issued a warning to cryptocurrency companies regarding recent blockchain activity connected to the theft of millions of dollars in cryptocurrency [3] [5]. The agency has identified the Lazarus Group, also known as APT38 or TraderTraitor [2], affiliated with the Democratic People’s Republic of Korea (DPRK) [2] [3], as responsible for these thefts.


The Lazarus Group [1] [2] [3] [4] [5], a North Korean hacking group, has stolen over $40 million worth of cryptocurrency, specifically 1,580 bitcoins, from various cryptocurrency companies [3] [4] [5]. They targeted Alphapo, CoinsPaid [2] [3] [5], and Atomic Wallet [2] [3] [5], stealing $60 million, $37 million, and $100 million respectively. The FBI advises private sector entities to be vigilant in guarding against transactions with the identified bitcoin addresses [5]. The North Korean hackers are preparing to cash out the stolen funds in the coming days [5]. It is important to note that North Korea has been known to use crypto thefts to fund its nuclear weapons program [5]. In fact, the Lazarus Group alone has stolen approximately $200 million in cryptocurrency in 2023 alone [5]. The U.S. [5] government has offered a $10 million reward for information on members of state-sponsored North Korean threat groups [5], including Lazarus Group [5].

The FBI is dedicated to combating the DPRK’s illicit activities [2] [3], including cybercrime and virtual currency theft [2] [3] [4], and encourages individuals with information to contact the agency [2]. They have been closely monitoring the movements of stolen cryptocurrency [1], worth hundreds of millions of dollars [1] [2] [3], which is believed to be linked to the Lazarus Group [1], APT38 [1] [2] [3] [4], and TraderTraitor [1] [2] [4]. The FBI suspects that the DPRK, through its TraderTraitor-affiliated agents [1] [3], will attempt to liquidate $40 million worth of bitcoin holdings [1]. They have discovered approximately 1,580 stolen bitcoins held at various bitcoin addresses [1]. The FBI has issued an advisory to the private sector [1], urging increased scrutiny of blockchain data associated with the implicated addresses [1].

The Lazarus Group [1] [2] [3] [4] [5], known for using the TraderTraitor toolkit [1], has infiltrated cryptocurrency companies and exchanges using cyber tools [1]. The FBI’s focus on these cyber activities highlights their ongoing fight against digital larceny and the covert financial foundations of rogue regimes [1]. The FBI suspects that North Korea may be preparing to cash out over $40 million worth of Bitcoin [4]. They have identified specific Bitcoin addresses linked to the Lazarus Group and APT38 [4], known as TraderTraitor [4], who have successfully transferred approximately 1,580 bitcoins sourced from various cryptocurrency heists [4]. These addresses have been traced back to high-profile international cryptocurrency thefts [4]. The FBI urges cryptocurrency entities to closely scrutinize blockchain data associated with these addresses [4].


The theft of millions of dollars in cryptocurrency by the Lazarus Group, a North Korean hacking group, raises concerns about the security of the cryptocurrency industry. The FBI’s warning and advisory to cryptocurrency companies emphasize the need for increased vigilance and scrutiny of blockchain data. The thefts also highlight the use of crypto thefts by North Korea to fund its nuclear weapons program. The ongoing fight against cybercrime and the covert financial activities of rogue regimes remains a priority for the FBI and other law enforcement agencies. Collaboration between cryptocurrency companies and law enforcement is crucial in combating cybercriminals like the Lazarus Group and protecting the integrity of the cryptocurrency market.