The U.S. Federal Bureau of Investigation (FBI) sounded the alarm over North Korean hackers’ activities, warning cryptocurrency companies of a potential cash-out attempt involving stolen bitcoin worth more than $40 million. The alert focuses on the Democratic People’s Republic of Korea (DPRK) TraderTraitor-affiliated actors, also known as Lazarus Group and APT38, which have been responsible for several high-profile international cryptocurrency heists.

The North Korean hacking group, known for its spearphishing methods and malicious software, has consistently targeted the blockchain sector. These attacks often begin with spearphishing emails directed at IT employees, luring them into downloading malware-tainted applications referred to as TraderTraitor by the U.S. government.

The FBI’s investigation has tracked approximately 1,580 bitcoin stolen by the DPRK’s TraderTraitor-affiliated actors from several significant heists. These include the $60 million theft from Alphapo on June 22, 2023; the $37 million theft from CoinsPaid on June 22, 2023; and the $100 million theft from Atomic Wallet on June 2, 2023. Last year, the same group carried out attacks on Harmony’s Horizon Bridge and Sky Mavis’ Ronin Bridge, resulting in the loss of some $540 million.

The stolen funds have been moved to specific bitcoin addresses, and the FBI has urged private sector entities to examine the blockchain data associated with these addresses closely. The agency has also called for increased vigilance in guarding against transactions directly with, or derived from, these addresses.