The FBI is issuing this release to warn the public regarding the theft of approximately $41 million in virtual currency from Stake.com, an online casino and betting platform. The FBI has confirmed that this theft took place on or about September 4, 2023, and attributes it to the Lazarus Group (also known as APT38) which is comprised of DPRK cyber actors.
The FBI investigation has revealed that DPRK cyber actors moved stolen funds associated with the Ethereum, Binance Smart Chain (BSC), and Polygon networks from Stake.com into the following virtual currency addresses:
These same DPRK actors are also responsible for several other high-profile international virtual currency heists. In 2023 alone, DPRK cyber actors have stolen more than $200 million. This amount includes, but is not limited to, approximately $60 million of virtual currency from Alphapo and CoinsPaid on or about July 22, 2023, and approximately $100 million of virtual currency from Atomic Wallet on or about June 2, 2023.
The FBI previously provided information to the public regarding the DPRK’s attacks against Harmony’s Horizon bridge and Sky Mavis’ Ronin Bridge and put out a cybersecurity advisory on TraderTraitor. In addition, the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the Lazarus Group in 2019.
Private sector entities are encouraged to review the previously released Cyber Security Advisory on TraderTraitor and examine the blockchain data associated with the above-referenced virtual currency addresses and be vigilant in guarding against transactions directly with, or derived from, those addresses.
The FBI will continue to expose and combat the DPRK’s use of illicit activities to generate revenue for the regime, including cybercrime and virtual currency theft. If you have any information to provide, please contact your local FBI field office or the FBI’s Internet Crime Complaint Center at ic3.gov.