The FBI is issuing this update to caution the general public regarding the theft of approximately $41 million in virtual currency from Stake.com, an online casino and betting platform.
The FBI has confirmed that this theft took place “on or about September 4, 2023, and attributes it to the Lazarus Group (also known as APT38), which is comprised of DPRK cyber actors.”
The FBI investigation has “revealed that DPRK cyber actors moved stolen funds associated with the Ethereum, Binance Smart Chain (BSC), and Polygon networks from Stake.com into the following virtual currency addresses.”
These same DPRK actors are also “responsible for several other high-profile international virtual currency heists.”
In 2023 alone, DPRK cyber actors have “stolen more than $200 million.”
This amount includes, but is “not limited to, approximately $60 million of virtual currency from Alphapo and CoinsPaid on or about July 22, 2023, and approximately $100 million of virtual currency from Atomic Wallet on or about June 2, 2023.”
The FBI had previously “provided information to the public regarding the DPRK’s attacks against Harmony’s Horizon bridge and Sky Mavis’ Ronin Bridge and put out a cybersecurity advisory on TraderTraitor.”
In addition, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) had “sanctioned the Lazarus Group in 2019.”
Private sector entities are “encouraged to review the previously released Cyber Security Advisory on TraderTraitor and examine the blockchain data associated with the above-referenced virtual currency addresses and be vigilant in guarding against transactions directly with, or derived from, those addresses.”
The FBI will continue “to expose and combat the DPRK’s use of illicit activities to generate revenue for the regime, including cybercrime and virtual currency theft.”
If you have any information to provide, you can contact your local FBI field office or the FBI’s Internet Crime Complaint Center at ic3.gov.
Lazarus Group (also known by other monikers such as Guardians of Peace or Whois Team) is a cybercrime group “made up of an unknown number of individuals run by the government of North Korea.”
While not much is known about the Lazarus Group, researchers have attributed many cyberattacks “to them between 2010 and 2021.” Originally a criminal group, the group has now “been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation.”
Names given by cybersecurity organizations “include Hidden Cobra (used by the United States Department of Homeland Security to refer to malicious cyber activity by the North Korean government in general) and Zinc (by Microsoft).”