North Korean Hackers: The Lazarus Group
State-supported North Korean hackers, known as the Lazarus Group, have stolen billions of dollars in cryptocurrency over the past decade. Their operations have made North Korea the country with the fifth-largest Bitcoin holdings. A UN report indicates that nearly half of the costs associated with North Korea’s nuclear program are financed through stolen cryptocurrencies.
Lazarus Group’s Holdings
As of March 17, 2025, Lazarus Group reportedly holds around $1.14 billion in Bitcoin (BTC). Recently, they converted stolen Ethereum (ETH) funds into Bitcoin. After a significant hack of Bybit, North Korea now possesses 13,518 BTC, positioning it behind only the U.S., China, the UK, and Ukraine.
According to reports, OKX suspended its DEX aggregator service after noticing a coordinated attempt by Lazarus Group to breach it. Additionally, investigations have commenced concerning the Bybit hack and its connection to laundering operations.
Cyber Crimes and Attacks
Lazarus Group’s cybercrime activities trace back to 2009 and include targeting banks and conducting high-profile attacks, such as the WannaCry ransomware attack in 2017. They shifted focus to the cryptocurrency sector, aggressively targeting exchanges in the U.S. and South Korea and stealing substantial amounts from platforms like the Ronin Network, where they looted $615 million in 2022.
Their attacks have hit targets in many countries, affecting institutions and individuals in the U.S., China, South Korea, and more. Unlike hackers in most countries, Lazarus Group operates with governmental backing, so its members face minimal repercussions for their actions.
The group’s successful operations are attributed to sophisticated methods, including social engineering and phishing campaigns. Their motivations range from financial gain to causing chaos, as exemplified by the WannaCry attack.
Funding North Korea’s Nuclear Ambitions
The UN reports that approximately half of North Korea’s foreign income derives from cybercrime, with a notable fraction reportedly financing ballistic missile development. North Korea continues missile tests, showcasing advanced capabilities. The last nuclear bomb test occurred in 2017, with the nation believed to possess between 50 and 100 nuclear weapons.
Conclusion
Prosecuting members of the Lazarus Group is incredibly challenging, with only a few indictments out of potentially over a thousand participants. Experts argue that improved prevention measures are crucial in addressing this evolving threat, advocating for tighter controls in the DeFi and web3 sectors to hinder illegal fund management.
North Korea’s cyber operations pose ongoing risks, and experts maintain that the Lazarus Group will likely continue its illegal activities, prompting calls for a balance between privacy and crime prevention in the online realm.