Two state-sponsored hacker groups stole over $620 million worth of crypto from the Ronin exchange.
"Through our investigation, we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29," reads the FBI's statement.
According to Ronin, the attackers used hacked private keys to forge fake withdrawals. The Ronin decentralized currency exchange was halted after the breach was discovered, leaving users unable to conduct transactions until further notice.
North Korea employs cybercrime to finance its dictatorship, which runs a country mostly closed off from the outside world.
While APT38, also known as 'Un-usual Suspects,' is almost certainly a state-sponsored actor, its primary goals are financial. Hacker groups operated by state intelligent services often focus more on intelligence.
According to blockchain analysis firm Chainalysis, North Korea launched at least seven attacks on cryptocurrency platforms that extracted nearly $400 million worth of digital assets last year.
A United Nations panel of experts that monitors sanctions on North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programs to circumvent sanctions.
Last year the United States charged three North Korean computer programmers working for the country's intelligence service with a massive, years-long hacking spree to steal more than $1.3 billion in money and cryptocurrency, affecting companies from banks to Hollywood movie studios.
Reports by cybersecurity firm Mandiant show that North Korea aims to expand its profitable operation, setting up new hacker groups. The recently formed Bureau 325 has quickly risen to prominence to become North Korea's "Swiss army knife" cybercriminal gang.
More from Cybernews:
Subscribe to our newsletter