North Korean Cryptocurrency Hackers

The U.S. State Department has announced rewards of up to $10 million for any information that could help disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities.

"If you have information on any individuals associated with the North Korean government-linked malicious cyber groups (such as Andariel, APT38, Bluenoroff, Guardians of Peace, Kimsuky, or Lazarus Group) and who are involved in targeting U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act, you may be eligible for a reward," the department said in a tweet.

The amount is double the bounty the agency publicized in March 2022 for specifics regarding the financial mechanisms employed by state-sponsored actors working on behalf of the North Korean government.


The development comes a week after the Justice Department disclosed the seizure of $500,000 worth of Bitcoin from North Korean hackers who extorted digital payments by using a new ransomware strain known as Maui.

The threat actor, tracked under the umbrella moniker Lazarus Group (aka Hidden Cobra or APT38), is known to target blockchain companies and conduct financially-driven crime through rogue cryptocurrency wallet apps. Andariel and Bluenoroff are said to be subgroups within the larger Lazarus cluster.

North Korean Hackers

Blockchain analytics firm Chainalysis in a report earlier this year linked the Lazarus Group to seven attacks directed against cryptocurrency platforms in 2021 that enabled the adversary to steal roughly $400 million worth of virtual assets.

It has also been implicated in the hacks of Axie Infinity's Ronin Network Bridge and Harmony Horizon Bridge in recent months, resulting in the theft of hundreds of millions of dollars in digital currencies.


Earlier this month, Microsoft warned that a North Korean activity cluster it calls DEV-0530 has been using a custom ransomware strain dubbed H0lyGh0st to successfully compromise small businesses in multiple countries.

Cyber-enabled financial theft and money laundering, ransomware, cryptojacking, and extortion operations are part of Pyongyang-aligned hackers' tactical playbook to generate illegal revenue while mitigating the impact of sanctions.

"The North Korean government — officially known as the Democratic People's Republic of Korea (DPRK) — employs malicious cyber activity to collect intelligence, conduct attacks, and generate revenue," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) notes in its advisory.

"North Korea has conducted cyber theft against financial institutions and cryptocurrency exchanges worldwide, potentially stealing hundreds of millions of dollars, probably to fund government priorities, such as its nuclear and missile programs."

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.