North Korean hackers poised to cash out $40 million in bitcoin after crypto heists, FBI warns


The law enforcement agency says it has been tracking large volumes of cryptocurrency stolen by North Korean hackers during a summer of high-profile cyber heists.

North Korean cybercriminals may be planning to cash out more than $40 million in bitcoin after recently stealing hundreds of millions of dollars in cryptocurrency, according to an FBI announcement issued on Tuesday. 

The bureau said it tracked large volumes of bitcoin that were recently stolen in several high-profile cryptocurrency heists carried out by the North Korean state-sponsored cybercrime organization known as Lazarus Group, as well as APT38, a hacking collective also associated with Pyongyang.

"The FBI believes the [Democratic People's Republic of Korea] may attempt to cash out the bitcoin worth more than $40 million dollars," the announcement said. The FBI also provided six bitcoin addresses where the funds were being held, according to its investigation. 

The news comes amid growing concerns over North Korean cyber threats targeting financial institutions. Lazarus Group is estimated to have stolen over $1.75 billion in cryptocurrency, according to a report published by the blockchain data platform Chainalysis, and many of those thefts have targeted banks and cryptocurrency firms.

Tom Kellermann, senior vice president of cyber strategy at the cybersecurity firm Contrast Security, told Nextgov/FCW that North Korea "has been pillaging crypto exchanges for the past two years."

"Their nuclear missile program is funded by the proceeds of cybercrime," he added. "The regime has benefitted from tech transfer from their Russian comrades and as a result they have dramatically improved their cybercrime capabilities."

North Korean cybercrime groups have been responsible for several major heists this summer, the FBI said, including the $100 million theft of virtual currency from the decentralized crypto wallet Atomic Wallet in June and the $60 million hack of the crypto payment provider Alphapo that same month.

North Korean cyber groups were also responsible for stealing $37 million from currency exchange service CoinsPaid in June. 

The FBI encouraged private sector firms to examine all blockchain data associated with the addresses connected to the stolen cryptocurrency "and be vigilant in guarding against transactions directly with, or derived from, the addresses."