The Federal Bureau of Investigation (FBI) has confirmed North Korea as the culprit behind the recent $1.5 billion exploit on Bybit.
In a February 26 public service announcement (PSA), the agency attributed the attack to TraderTraitor, a malicious cyber campaign linked to North Korean threat actors.
TraderTraitor refers to a series of malware-laced applications disguised as crypto trading and price prediction tools.
These applications, built using cross-platform JavaScript and the Electron framework, are derived from various open-source projects. The cybercriminals behind the campaign use well-designed websites to lure victims, with fake features to bolster credibility.
Laundering
The FBI reported that the stolen funds were already being laundered, with the attackers converting portions of the assets into Bitcoin and dispersing them across several blockchain networks.
The agency expects the funds to eventually be converted to fiat currency through illicit channels.
To counter this, the FBI has published a list of flagged blockchain addresses linked to the hackers. It urged virtual asset service providers, including exchanges, DeFi platforms and blockchain analysis companies, to block transactions associated with these addresses to prevent money laundering.
This confirms earlier reports from the blockchain analytics firm Spot On Chain, which revealed that the hackers had laundered 100,000 ETH, valued at around 250 million dollars, in less than four days.
Spot On Chain noted that the laundered funds represent 20% of the 499,000 stolen ETH. According to the company, the cybercriminals split the assets across several addresses and used THORChain to swap them into Bitcoin, DAI and other cryptocurrencies.
North Korea's expanding cyber threat
This attack illustrates North Korea's growing success in using cybercrime to finance state operations. The Lazarus Group, a notorious state-backed hacking unit, has been behind several digital asset heists.
The FBI noted that the Lazarus Group is responsible for several previous attacks on crypto platforms. The group attacked Horizon Bridge in June 2022, attacked Ronin Bridge in March 2022 and also carried out other attacks.
Reports indicate that North Korean hackers stole more than $1.3 billion in digital assets in 2024, far exceeding the $660 million taken in 2023.
Analysts believe that these stolen funds support the country’s nuclear weapons program, allowing it to bypass international sanctions.
Bybit and Safe also confirmed to CryptoSlate that the North Korean hacking group Lazarus was responsible for the attack. A developer machine was compromised, allowing the hackers to trick the owners of a multisig cold wallet into signing a malicious transaction. Safe stated:
“The Safe{Wallet} team has fully rebuilt and reconfigured all infrastructure and rotated all credentials, ensuring that the attack vector is completely eliminated.”
Bybit has also confirmed that the majority of its assets held with Safe have been moved out of the vaults to protect against any new vulnerability.