In recent years, the Lazarus Group - a hacker group associated with North Korean military intelligence - has become a serious threat to the global crypto market.
This group is not only known for its sophisticated cyber attacks, but also for causing massive financial damage, forcing crypto exchanges and blockchain companies to be on high alert.
Lazarus has taken over $3.4 billion from companies in the Crypto market
According to a report from Hacken.io, Lazarus began focusing on the cryptocurrency market in 2017, with its first attack targeting the Bithumb exchange in South Korea. In July 2017, the group stole over $7 million worth of crypto assets in a single day, marking the beginning of a series of even more brazen attacks.
Since then, Lazarus has continuously expanded its operations, targeting large targets such as centralized exchanges (CEXs) and blockchain platforms. A notable example is the Ronin Network hack in March 2022, where Lazarus stole $620 million in crypto from the Axie Infinity game bridge, one of the largest attacks in crypto history.
List of Lazarus Group's attacks on the crypto market. Source: hackenReports from Chainalysis and security agencies like the FBI show that from 2017 to 2023, Lazarus has carried out a series of attacks, causing billions of dollars in total damage. According to a report by Immunefi cited on Hacken.io, in 2023, the group was responsible for over $300 million in crypto hacking losses, accounting for 17.6% of the total amount stolen that year.
Notably, a UN report cited by the Financial Times in December 2024 also revealed that North Korea-affiliated groups, including Lazarus, had stolen $1.3 billion in digital assets in 2024 alone, accounting for two-thirds of global crypto thefts.
These figures not only reflect the scale of Lazarus' operations, but also the growing dependence of North Korea on cyber attacks to finance its missile and nuclear programs, as mentioned in the UN report.
Most recently, in February 2025, the Lazarus Group once again caused a stir when it was identified as the perpetrator behind the Bybit exchange hack - one of the largest attacks in crypto history. This hack resulted in Bybit losing $1.4 billion worth of ETH, making it the group's most financially damaging attack to date.
The largest crypto market hacks carried out by Lazarus.Investigator ZachXBT, with the support of Arkham Intelligence, provided convincing evidence linking the incident to Lazarus, based on transaction analysis and related wallets, including the use of similar wallets in the previous Phemex hack. The Bybit incident not only put enormous financial pressure on the exchange - forcing them to use BTC and stablecoin reserves to compensate - but also raised concerns about the security capabilities of major crypto platforms.
If we sum up all the damage caused by this group to the crypto market, including the Bybit hack, the total amount reaches $3.4 billion from 2017 to February 2025.
Lazarus is not just a group of hackers; they are a well-organized organization, using techniques such as social engineering, unauthorized access, and zero-day exploits to carry out complex attacks. According to the Chainalysis 2022 Report, Lazarus' money laundering process often involves three steps: converting ERC20 tokens to ETH, then to BTC, and finally to fiat (China) through Asian exchanges. This process can take years, as in the case of 2022 when the group still held $55 million from hacks in 2016. In the Bybit hack, the attackers also exploited the creation of meme coins on pump.fun to launder the funds.
The 2024 UN report shows that Lazarus is not the only threat actor; other groups, such as Kimsuky, BlueNoroff, and APT43, are also active. These attacks primarily target crypto exchanges, decentralized finance (DeFi) companies, and digital wallets to support money laundering and finance weapons of mass destruction (WMD) programs.
Subscribe to the BeInCrypto newsletter to stay up-to-date with the latest analysis and news on the financial markets, including cryptocurrencies.
