The FBI revealed in a Sept. 6 report that the North Korean hacking entity Lazarus Group was responsible for a Sept. 4 exploit of online casino platform Stake that resulted in $41 million in cryptocurrency lost.

Lazarus Group, also known as APT38, is made up of agents reporting to the Democratic People’s Republic of Korea (DPRK). Lazarus Group is generally considered a state-backed hacking group.

The law enforcement agency identified 33 crypto addresses that received the stolen funds. In all, it listed four Ethereum (ETH) addresses, five Binance Smart Chain (BSC) addresses, two Polygon (MATIC) addresses, and 22 (BTC) Bitcoin addresses.

The FBI did not provide any details about the current status of stolen funds, such as whether the funds have been sold for regular currency or whether further transactions have been intercepted. Typically, exchanges and crypto platforms work with law enforcement to prevent the movement and sale of stolen funds.

The FBI’s announcement confirms earlier speculation about North Korea’s involvement. However, the agency did not confirm that the attackers used the employment infiltration strategy previously described by crypto developer Taylor Monahan, aka tayvano.

Lazarus often targets crypto

The FBI noted that Lazarus Group is responsible for several previous attacks on crypto platforms. The group attacked Horizon Bridge in June 2022, attacked Ronin Bridge in March 2022, and has carried out other attacks as well.

The law enforcement agency additionally noted that the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) imposed sanctions on Lazarus Group in 2019. Elsewhere, the Department of Justice (DOJ) named Lazarus’ use of the coin mixer Tornado Cash in its charges against the founders of that service.