8 entries tagged “north-korea”.
In January 2025, the Singapore-based exchange Phemex had its hot wallets drained across 16 blockchains, with losses estimated at $73–85M. On-chain investigators (ZachXBT, Arkham) tied it to North Korea's Lazarus Group, later linking it directly to the Bybit and BingX hacks via commingled funds.
In November 2019, 342,000 ETH (~$41.5M at the time) was stolen from South Korean exchange Upbit. In November 2024 South Korea's National Police Agency officially attributed the theft to North Korea's Lazarus and Andariel groups — its first such attribution of an exchange hack.
A North Korea-linked RGB unit (Lazarus umbrella) that blends cyber-espionage with revenue generation. The U.S. sanctioned it in 2019 and, in 2024, indicted member Rim Jong Hyok for deploying Maui ransomware against U.S. hospitals and laundering the proceeds to fund further espionage.
A North Korea-linked campaign that poses as recruiters/contractors to trick developers and crypto workers into running malware (e.g. BeaverTail, InvisibleFerret, INLETDRIFT). Tracked as UNC4736 / AppleJeus / Citrine Sleet; linked to the Radiant Capital theft.
Munchables, a game on the Blast network, lost about 17,414 ETH (~$62.5M) on Mar 26, 2024 through contract manipulation. ZachXBT linked the hired developer(s) to a single person assessed as likely North Korean; the funds were later returned.
A North Korea-linked, financially focused sub-group of the Lazarus umbrella that targets banks and crypto firms. Blamed for the 2016 Bangladesh Bank SWIFT heist and, more recently, macOS malware campaigns against crypto businesses (RustBucket, KandyKorn, 'Hidden Risk'). Sanctioned by the U.S. in 2019.
A North Korea-linked threat cluster (part of the Lazarus umbrella) that the FBI blames for several of the largest exchange thefts, including Bybit ($1.5B), DMM Bitcoin ($305M), and the Ronin/Axie bridge. It favors social engineering of employees and supply-chain compromises.
The most widely used name for North Korea's state-sponsored hacking apparatus, run under its Reconnaissance General Bureau. Blamed for the Sony hack, the Bangladesh Bank SWIFT heist, WannaCry, and — since ~2017 — many of the largest crypto thefts ever. Chainalysis puts DPRK's cumulative crypto haul near $6.75B, used to fund the regime's weapons programs.