Crypto hacks: FBI says North Korea behind $41m Stake attack

by Thomas

The FBI has announced that Lazarus Group, a group of North Korean hackers, was responsible for the recent $41 million hack on the Stake platform. The FBI said it would continue to monitor the activities of the Lazarus Group and advised businesses to guard against such attacks, which have already netted the Pyongyang regime more than $1 billion.

North Korea behind a new hack?

On Wednesday, the US Federal Bureau of Investigation (FBI) issued a statement claiming that Lazarus Group, one of the leading North Korean hacker groups accused of serving the Pyongyang regime, was behind the recent $41 million hack of Stake.

At the time of the attack, many observers were already questioning the origin of the hackers, as the transactions had been carried out in a highly organised and methodical manner, as in earlier hacks attributed to Lazarus Group.

“The FBI has confirmed that this theft occurred on or about September 4, 2023 and attributes it to the Lazarus Group (also known as APT38) which is comprised of cyber actors from the DPRK.”

For its part, the on-chain analysis platform Arkham has also grouped together the dozens of addresses used to move the funds from the Stake hack, and labelled them as belonging to the Lazarus Group:

Overview of cryptocurrencies held by addresses attributed to Lazarus Group


By tracing the various addresses shared by the FBI, it appears that they are also connected to the $100 million Atomic Wallet hack last June, and the CoinsPaid hack, valued at more than $37 million.

A juicy business, but now under scrutiny

North Korean hackers are also known to be behind the attack on the Ronin sidechain worth more than $620 million in March 2022, the largest in the history of cryptocurrencies, and the attack on the Harmony bridge worth more than $100 million last January.

For its part, the FBI has stated that it will continue to track the activities of Lazarus Group, and that an online page (TraderTraitor) is available to companies wishing to protect themselves against hacker attacks. Separately, the Office of Foreign Assets Control (OFAC) had already sanctioned Lazarus in 2019.

“Private sector entities are advised to review the cybersecurity advisory previously published on TraderTraitor and review the blockchain data associated with the aforementioned virtual currency addresses and exercise vigilance to guard against transactions directly linked to or derived from these addresses.”

As for the Stake hack itself, the project's teams have been very discreet about it after temporarily halting withdrawals and deposits. At the time of the incident, a leak of the private keys associated with the affected wallets was blamed.
