19 entries tagged “lazarus”.
In January 2025, the Singapore-based exchange Phemex had its hot wallets drained across 16 blockchains, with losses estimated at $73–85M. On-chain investigators (ZachXBT, Arkham) tied it to North Korea's Lazarus Group, later linking it directly to the Bybit and BingX hacks via commingled funds.
In November 2019, 342,000 ETH (~$41.5M at the time) was stolen from South Korean exchange Upbit. In November 2024 South Korea's National Police Agency officially attributed the theft to North Korea's Lazarus and Andariel groups — its first such attribution of an exchange hack.
A North Korea-linked RGB unit (Lazarus umbrella) that blends cyber-espionage with revenue generation. The U.S. sanctioned it in 2019 and, in 2024, indicted member Rim Jong Hyok for deploying Maui ransomware against U.S. hospitals and laundering the proceeds to fund further espionage.
About $70M was drained from the Hong Kong-based exchange CoinEx in September 2023 after its hot-wallet private keys were compromised. Researchers (Elliptic, ZachXBT) linked the theft to North Korea's Lazarus Group, partly via wallets shared with the Stake.com hack.
About $41M was stolen from the crypto casino Stake.com on September 4, 2023, after attackers obtained access to its hot wallets (ETH, BNB Chain, Polygon). The FBI publicly attributed the theft to North Korea's Lazarus Group (APT38).
Two linked crypto payment processors were drained in mid-2023 — about $60M from Alphapo and ~$37M from CoinsPaid — via compromised hot-wallet keys. The FBI attributed both thefts to North Korea's Lazarus Group (TraderTraitor); CoinsPaid said it was breached after months of social-engineering.
A Web3 game on the Blast network drained of about $62.5M in March 2024 by one of its own developers — an insider whom investigators (ZachXBT) linked to North Korea. After negotiations, the developer returned all of the funds without a ransom.
A cross-chain lending protocol drained of about $50M on October 16, 2024. Mandiant attributed it to a North Korea-linked actor (UNC4736 / AppleJeus) that used a fake-contractor Telegram lure to plant macOS malware on developers' machines; the malware then had the multisig signers approve malicious transactions while their wallet front-end displayed benign ones.
Harmony's Horizon bridge was exploited for about $100M in June 2022 after attackers compromised multisig signing keys. In January 2023 the FBI attributed the theft to North Korea's Lazarus Group and APT38, the same actors already blamed for the Ronin hack.
A North Korea-linked, financially focused sub-group of the Lazarus umbrella that targets banks and crypto firms. Blamed for the 2016 Bangladesh Bank SWIFT heist and, more recently, macOS malware campaigns against crypto businesses (RustBucket, KandyKorn, 'Hidden Risk'). Sanctioned by the U.S. in 2019.
A North Korea-linked threat cluster (part of the Lazarus umbrella) that the FBI blames for several of the largest exchange thefts, including Bybit ($1.5B), DMM Bitcoin ($305M), and the Ronin/Axie bridge. It favors social-engineering of employees and supply-chain compromises.
The most widely used name for North Korea's state-sponsored hacking apparatus, run under its Reconnaissance General Bureau. Blamed for the Sony hack, the Bangladesh Bank SWIFT heist, WannaCry, and — since ~2017 — many of the largest crypto thefts ever. Chainalysis puts DPRK's cumulative crypto haul near $6.75B, used to fund the regime's weapons programs.
A BNB Chain lending protocol whose QBridge was exploited for about $80M on January 27, 2022. A logic flaw let an attacker mint unlimited 'qXETH' collateral without depositing any ETH, then borrow out the protocol's assets. Chainalysis later assessed it was likely North Korea-linked.
More than $100M was drained from users of the non-custodial Atomic Wallet beginning June 3, 2023, affecting 5,000+ wallets. Elliptic attributed the theft to North Korea's Lazarus Group based on laundering patterns; the root cause was never fully disclosed.
About $305M (4,502.9 BTC) was stolen from the Japanese exchange DMM Bitcoin in May 2024. The FBI, DC3, and Japan's NPA attributed it to North Korea's TraderTraitor, which used a fake-recruiter lure to compromise an employee at wallet vendor Ginco. DMM later wound down.
The largest crypto theft on record: about $1.5B in Ether was stolen from the Bybit exchange on February 21, 2025. The FBI attributed it to North Korea (TraderTraitor/Lazarus), which compromised a Safe{Wallet} developer machine and injected malicious JavaScript into the web signing interface, so that a routine cold-wallet transfer was signed as displayed but executed against attacker-controlled code.
About $230M+ was stolen from India's largest crypto exchange, WazirX, in July 2024 after attackers compromised a multisignature wallet and altered its logic. Blockchain analysts attributed the theft to North Korea's Lazarus Group.
About $281M in crypto was stolen from the Singapore-based exchange KuCoin in September 2020 after attackers obtained hot-wallet private keys. Chainalysis attributed the theft to North Korea's Lazarus Group; KuCoin recovered roughly 84% of the assets.
The Ronin bridge behind the game Axie Infinity was drained of about $625M in ETH and USDC in March 2022 after attackers obtained validator keys. U.S. authorities attributed the theft to North Korea's Lazarus Group, and OFAC sanctioned the wallet.