The FBI has issued a warning that North Korean cyber actors may seek to liquidate more than $40 million in stolen cryptocurrency. The announcement came on Tuesday amid ongoing investigations into recent blockchain activity linked to a group U.S. authorities track as TraderTraitor, also known as Jade Sleet.
According to the FBI, this group has been implicated in the transfer of approximately 1,580 bitcoin from various cryptocurrency heists within the last 24 hours. Currently, these funds are reportedly distributed across six separate wallets, illustrating a sophisticated approach to concealing the stolen assets.
North Korea has a well-documented history of intertwining cyber warfare with acts of espionage and financial crime. TraderTraitor is connected to a series of high-profile attacks aimed at cryptocurrency exchanges and blockchain platforms, utilizing these acts as a means of generating illicit revenue to circumvent international sanctions imposed on the nation.
Recent thefts attributed to this group include the remarkable $60 million heist from Alphapo and a $37 million theft from CoinsPaid, both occurring on June 22, 2023. Additionally, they are believed to be behind the $100 million breach involving Atomic Wallet earlier that month, as well as targeted attacks on Sky Mavis’ Ronin Network and the Harmony Horizon Bridge in 2022, marking a continuing trend of aggression against the cryptocurrency sector.
This activity overlaps with that of another notorious North Korean threat group known as APT38, which is part of the broader Lazarus Group constellation. APT38 has been linked to numerous cryptocurrency thefts and the targeting of digital assets, further highlighting the pervasive nature of North Korea’s cyber ambitions. Recently, Mandiant, a Google subsidiary, connected TraderTraitor to UNC4899, a hacking group recognized for its involvement in the JumpCloud breach from late June 2023.
Estimates from blockchain intelligence firm TRM Labs suggest that North Korean hackers have pilfered in excess of $2 billion in cryptocurrencies since 2018, with 2023 alone seeing a staggering $200 million in stolen assets as part of 30 distinct attacks. This alarming trend emphasizes the importance of vigilance among private sector participants who may interact with blockchain technologies linked to these illicit practices.
In its advisory, the FBI urged entities in the private sector to scrutinize blockchain data tied to these cryptocurrency addresses. Businesses are encouraged to maintain a watchful eye to prevent transactions that may directly stem from or relate to these identified wallets.
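The screening the FBI asks for amounts to checking every transfer a business handles against the published wallet list, both for direct contact with a flagged address and for funds that arrive a few hops downstream of one. The following is an added example of that check, not code from the FBI advisory or from any named vendor; the flagged addresses and the transaction ledger are constructed placeholders standing in for the real addresses the advisory lists, and the transaction shape (`txid`, `src`, `dst`, `btc`) is a simplification of real UTXO data.

```python
"""Watchlist screening for on-chain transfers (added example, not from the advisory).

Assumptions: the wallet addresses below are constructed placeholders, not the
addresses the FBI published; SAMPLE_TXS is a constructed ledger in a simplified
one-input/one-output shape rather than real Bitcoin UTXO transactions.
"""
from collections import deque

# Placeholder watchlist; a real deployment would load the advisory's addresses.
WATCHLIST = {
    "bc1q-placeholder-flagged-1",
    "bc1q-placeholder-flagged-2",
}

# Constructed sample ledger: flagged wallet -> two intermediaries -> exchange deposit,
# plus one unrelated deposit that should screen clean.
SAMPLE_TXS = [
    {"txid": "tx1", "src": "bc1q-placeholder-flagged-1", "dst": "addr-hop-A", "btc": 250.0},
    {"txid": "tx2", "src": "addr-hop-A", "dst": "addr-hop-B", "btc": 249.9},
    {"txid": "tx3", "src": "addr-hop-B", "dst": "exchange-deposit-X", "btc": 249.8},
    {"txid": "tx4", "src": "addr-clean-C", "dst": "exchange-deposit-Y", "btc": 1.2},
]


def build_inbound_graph(txs):
    """Map each address to the set of addresses that have sent funds to it."""
    inbound = {}
    for tx in txs:
        inbound.setdefault(tx["dst"], set()).add(tx["src"])
    return inbound


def direct_exposure(tx, watchlist=WATCHLIST):
    """True when either side of the transfer is itself a flagged address."""
    return tx["src"] in watchlist or tx["dst"] in watchlist


def upstream_exposure(address, inbound, watchlist=WATCHLIST, max_hops=3):
    """Walk backwards through senders (breadth-first) looking for a flagged address.

    Returns the number of transfers between the nearest flagged wallet and
    `address`, or None if none is found within `max_hops`.
    """
    seen = {address}
    queue = deque([(address, 0)])
    while queue:
        addr, hops = queue.popleft()
        if addr in watchlist:
            return hops
        if hops == max_hops:
            continue
        for sender in inbound.get(addr, ()):
            if sender not in seen:
                seen.add(sender)
                queue.append((sender, hops + 1))
    return None


def screen(txs, watchlist=WATCHLIST, max_hops=3):
    """Classify each transfer as 'direct', 'indirect:<hops>' or 'clear'."""
    inbound = build_inbound_graph(txs)
    results = {}
    for tx in txs:
        if direct_exposure(tx, watchlist):
            results[tx["txid"]] = "direct"
            continue
        hops = upstream_exposure(tx["src"], inbound, watchlist, max_hops)
        results[tx["txid"]] = f"indirect:{hops}" if hops is not None else "clear"
    return results


if __name__ == "__main__":
    for txid, verdict in screen(SAMPLE_TXS).items():
        print(f"{txid}: {verdict}")
```

The hop limit is the knob a compliance team tunes: a low limit only catches funds arriving straight from the flagged wallets, while a higher one also catches the layering through intermediate addresses that the article describes, at the cost of more false positives on busy exchange addresses.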
Viewed through the MITRE ATT&CK framework, the methods likely used in these incidents map to tactics such as initial access, exploitation of vulnerabilities in cryptocurrency exchanges, establishment of persistence, and the use of advanced obfuscation techniques to evade detection. As cyber threats evolve, understanding these frameworks becomes increasingly critical to accurately assessing and mitigating the associated risks.
As the landscape of cybercrime, particularly in cryptocurrency theft, continues to shift, businesses must remain proactive in strengthening their defenses and understanding the motivation behind these assaults. Following these developments is crucial for any organization that seeks to protect its digital assets from sophisticated adversaries operating from state-sponsored backgrounds.