North Korean Hackers Ramp Up Crypto Attacks, Stealing Billions

North Korean Hackers Stole $3 Billion in Crypto Assets Through Sophisticated Attack Networks

  • North Korean Hackers have stolen approximately $3 billion between 2017-2023, with an additional $1.7 billion from attacks on WazirX and Bybit in recent years.
  • At least five North Korean Hacking organizations target the crypto industry, with Lazarus Group being the most notorious for high-profile attacks.
  • These threat actors employ increasingly sophisticated methods from phishing to supply chain hijacks, sometimes planning attacks that take up to a year to execute.

North Korean crypto hacking operations have escalated in both sophistication and scale, according to a new report by Paradigm titled “Demystifying the North Korean Threat.” The Cybersecurity research reveals that state-backed hackers have developed complex attack methodologies targeting cryptocurrency exchanges and infrastructure, representing a growing threat to the digital asset industry.

- Advertisement -

According to United Nations estimates, North Korean hackers successfully stole $3 billion between 2017 and 2023. This figure has increased dramatically in recent years, with attacks against exchanges WazirX and Bybit netting approximately $1.7 billion in stolen funds.

The report identifies at least five distinct North Korean hacking organizations targeting the cryptocurrency sector: Lazarus Group, Spinout, AppleJeus, Dangerous Password, and TraitorTrader. Additionally, a network of North Korean operatives poses as legitimate IT professionals to infiltrate technology companies globally.

Lazarus Group, the most infamous of these organizations, has executed several high-profile attacks since 2016. Their targets have included Sony and the Bank of Bangladesh in 2016, followed by involvement in the WannaCry 2.0 Ransomware attack in 2017. The group’s focus on cryptocurrency began with attacks on exchanges Youbit and Bithumb in 2017, followed by the 2022 Ronin Bridge exploit that resulted in hundreds of millions in stolen assets.

Most notably, Lazarus Group is credited with the 2025 theft of $1.5 billion from Bybit, one of the largest cryptocurrency heists to date. Security researchers also believe the group may be connected to various Solana memecoin scams.

These North Korean cyberattacks employ diverse methodologies, including direct assaults on exchanges, social engineering, phishing campaigns, and complex supply chain hijacks. Some operations demonstrate remarkable patience, with attackers meticulously planning their approach over periods extending up to a year.

After successful attacks, Lazarus Group follows predictable money laundering patterns according to Chainalysis and other blockchain intelligence firms. The group fragments stolen funds into progressively smaller amounts distributed across numerous wallets, converts illiquid tokens to those with higher liquidity, and consolidates much of the value into Bitcoin. Following these conversions, they often hold the assets for extended periods until law enforcement attention diminishes.

- Advertisement -

Law enforcement has made some progress in identifying the perpetrators. The FBI has identified three alleged members of the Lazarus Group, with the U.S. Justice Department indicting two individuals in February 2021 for involvement in global cybercrime operations.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest News

BPX Gains FCA Nod to Trade Tokenized Securities in the UK

BPX, a startup focused on trading tokenized securities, received several authorizations from the UK’s...

Shopify, Coinbase Launch USDC Payments; Mastercard Expands Crypto Access

Shopify and Coinbase allow merchants to accept USDC stablecoin payments, making crypto transactions easier...

Coinbase Launches Wrapped ADA and LTC on Base, COIN Hits New High

Coinbase has introduced wrapped versions of Cardano (ADA) and Litecoin (LTC) on its Ethereum...

ClickFix Attacks Surge 517% in 2025, Fake CAPTCHAs Spread Malware

ClickFix attacks using fake CAPTCHA verifications have risen by 517% in early 2025, according...

FHFA Orders Fannie, Freddie to Consider Crypto as Mortgage Collateral

The U.S. Federal Housing Finance Agency ordered Fannie Mae and Freddie Mac to consider...

Must Read

10 Best Crypto Audiobooks You Don’t Want to Miss

So, you are getting tired of reading books and you want to switch to audiobooks that talk about cryptocurrencies. Well, today we are going...