The U.S. FBI has drawn attention to a significant sum of Bitcoin, amounting to approximately $40 million, that is believed to be linked to North Korean cyber activities, according to a recent announcement:
“Over the last 24 hours, the FBI tracked cryptocurrency stolen by the Democratic People’s Republic of Korea (DPRK) TraderTraitor-affiliated actors (also known as Lazarus Group and APT38). The FBI believes the DPRK may attempt to cash out the bitcoin worth more than $40 million dollars.”
Several of the identified bitcoin addresses are thought to be connected to the DPRK-affiliated group known as TraderTraitor, Lazarus Group and APT38. These addresses reportedly hold 1,580 BTC, a sum culled from various cyber heists. The FBI further believes these groups will soon “cash out” their holdings.
When a significant amount of BTC is sold, it can lead to notable slippage—a discrepancy between a trade’s expected and executed price, particularly if the order surpasses the available liquidity. This rapid sale can eat through layers of the order book’s buy-side, pushing the price downwards.
This also means that when the price falls, investors panic-sell, leading to an even lower, and more permanent, price.
Historical data sheds light on the group’s alleged role in multiple cryptocurrency thefts over the past year. High-profile digital breaches at entities like Alphapo, CoinsPaid, and Atomic Wallet have resulted in the siphoning of hundreds of millions of dollars, with North Korean cyber operatives often at the center of such allegations.
Reacting to these emergent threats, U.S. intelligence agencies and regulatory bodies are strengthening their defenses. The FBI’s latest directive calls for blockchain companies to keep an eye out for any transactions involving the above addresses and recommends proactive steps to stave off transactions connected to them.
This approach is further echoed by the Treasury Department’s Office of Foreign Assets Control sanctioning cryptocurrency mixer Blender in May 2022. It was revealed that North Korean operatives had employed its services to launder sizable amounts, including $550 million diverted from Axie Infinity’s Ronin Network.
These threats are not a surprise for the industry.
Prominent figures like Arthur Cheong, founder of DeFiance Capital, have stressed the need for the industry to remain vigilant, given the sophisticated tactics employed by North Korean cyber units. Cheong tweeted back in April 2022 that North Korea’s BlueNoroff is “running an organized campaign to target all the prominent organizations in the crypto space.”
2/ Given how sophisticated their social engineering attack is, I believe that they already have the relationship graph of the entire crypto space mapped out and know what kind of phishing emails are most likely to slip through our mental defense.
— Arthur (@Arthur_0x) April 15, 2022