
Biggest Crypto Hacks by North Korea’s Lazarus Group

by Maria Vaughan


Because cryptocurrency is held as digital keys and is often worth millions or even billions of dollars when converted to fiat, it has become a prime target for hackers.

Since the 2017 bull run, token values have risen sharply, and the Lazarus Group has carried out multiple attacks on crypto entities over the same period.

This article discusses the most widely reported attacks by the Lazarus Group on the crypto industry.

What is the Lazarus Group?

The Lazarus Group is a North Korean state-backed hacking organization known for cyber espionage and financial crimes. Active since at least 2009, it is believed to operate under North Korea’s Reconnaissance General Bureau, the country’s main intelligence agency.

Since 2018, North Korean hackers have deployed several families of malware distributed through fake cryptocurrency businesses and trading applications. In addition to phishing, they use social media and professional networking sites to lure victims.


According to reporting on the group, Lazarus operators receive state training and privileges, and often work abroad to gain experience. Unlike Russian criminal groups, which occasionally face pressure from their own government, Lazarus operates as an arm of the state and has little fear of domestic repercussions.

How Does it Attack?

  • Social Engineering: Fake job offers and interviews trick engineers into running malware on work machines.
  • Phishing Attacks: Malicious emails and messages are sent to employees and executives of targeted firms.
  • Exploiting Software Vulnerabilities: Attackers target unpatched or outdated software in banks, exchanges, and enterprises.
  • Compromising Private Keys: Stolen hot-wallet or validator keys give the attackers direct control over high-value crypto funds.
  • Using Mixers and DeFi Protocols: Stolen funds are laundered through Tornado Cash, Sinbad, cross-chain bridges, and other services.

List of Crypto Attacks by the Lazarus Group

Bybit Exchange Hack (2025)

CoinsPaid Hack (2023-2024)

  • On July 22, 2023, CoinsPaid, an Estonian crypto payment provider, suffered a $37.2 million hack, which the company attributed to the Lazarus Group.
  • A second breach occurred on Jan. 6, 2024, in which $7.5 million was stolen. Web3 security firm Cyvers detected unauthorized withdrawals of $USDT, $ETH, $USDC, $BNB, and CoinsPaid’s own $CPD token, which the attackers swapped and moved to exchanges such as MEXC and WhiteBit.
  • CoinsPaid’s post-mortem report on the July hack revealed that Lazarus used social engineering: an employee was lured into a fake job interview and persuaded to install malicious code, which gave the attackers access to company infrastructure.

CoinEx Hack (2023)

  • Hong Kong-based cryptocurrency exchange CoinEx confirmed that hackers drained several of its hot wallets after the private keys controlling them were compromised. The stolen keys gave the attackers direct authority to sign withdrawals, leading to significant losses.
  • The stolen funds were initially estimated at $27 million, but as more transactions were traced, estimates rose, with figures of $55 million to $70 million reported.
  • Read the BitPinas article on the attack: Report: North Korea’s Lazarus Group Behind $55M CoinEx Hack

Atomic Wallet Hack (2023)

  • On June 3, 2023, Atomic Wallet suffered a large-scale hack, resulting in over $35 million in stolen crypto assets.
  • Users reported unauthorized transactions, flooding the platform’s Twitter and Telegram channels with complaints. The largest known victim reportedly lost 7.95 million $USDT in the attack.
  • Atomic Wallet confirmed that fewer than 1% of monthly active users were affected.

Alphapo Hack (2023)

  • On July 23, 2023, the Lazarus Group stole about $60 million from Alphapo, a crypto payment platform.
  • The attack targeted hot wallets, most likely through stolen private keys, a common Lazarus tactic that begins with fake job offers used to compromise employees.
  • Initially, $23 million was reported stolen, but later investigations revealed an additional $37 million taken on the TRON and Bitcoin networks. The stolen funds, including USDT, USDC, ETH, and FTN, were quickly moved to Bitget, Bybit, and crypto mixers to obscure the transaction trail.

Ronin Bridge Breach (2022) 

  • The Lazarus Group targeted the Ronin Bridge, used by the blockchain game Axie Infinity. They stole 173,600 ETH and 25.5 million $USDC, valued at $625 million at the time.
  • The bridge required signatures from five of its nine validators to approve a withdrawal. The attackers obtained the private keys of four Sky Mavis validators and of the Axie DAO validator, the latter through an allowlist that had let Sky Mavis sign on the DAO’s behalf during a period of heavy load and was never revoked. With five keys they could authorize fraudulent withdrawals that the bridge accepted as valid.
  • The breach went unnoticed for nearly a week. Sky Mavis, the developer behind Axie Infinity, raised $150 million to reimburse affected users and implemented stricter security measures.
  • Read BitPinas articles about the hack:
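The Ronin case turns on a threshold rule: a withdrawal is valid once any five of nine validators sign it, so holding five keys is total compromise. The following is an added example, not code from the article or from Sky Mavis, that models such a 5-of-9 check. It uses HMAC-SHA256 tags under per-validator secrets as a stand-in for real validator signatures (which means the verifier here also holds the secrets; a real bridge verifies public-key signatures instead). Validator names, keys, recipients, and amounts are constructed for the demonstration.

```python
"""
Added example (not from the BitPinas article or the Ronin bridge code):
a minimal threshold-signed withdrawal check in the spirit of Ronin's
5-of-9 validator set.  HMAC tags stand in for validator signatures.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List, Tuple

THRESHOLD = 5                                   # signatures needed per withdrawal
VALIDATORS = [f"validator-{i}" for i in range(9)]

# Constructed per-validator secrets. In a real bridge these are private
# signing keys that should live on separate, independently secured hosts.
VALIDATOR_KEYS: Dict[str, bytes] = {v: secrets.token_bytes(32) for v in VALIDATORS}


def withdrawal_message(nonce: int, recipient: str, asset: str, amount: int) -> bytes:
    """Canonical bytes that validators sign; any change invalidates the tags."""
    return f"{nonce}|{recipient}|{asset}|{amount}".encode()


def sign(validator: str, msg: bytes) -> bytes:
    """Stand-in signature: HMAC-SHA256 under the validator's secret."""
    return hmac.new(VALIDATOR_KEYS[validator], msg, hashlib.sha256).digest()


def verify_withdrawal(msg: bytes, signatures: List[Tuple[str, bytes]]) -> bool:
    """Accept only if at least THRESHOLD *distinct* known validators signed msg.

    Duplicate tags from one key count once, unknown signers are ignored, and
    a tag made over a different message fails the constant-time comparison.
    """
    approved = set()
    for validator, tag in signatures:
        if validator not in VALIDATOR_KEYS:
            continue
        if hmac.compare_digest(sign(validator, msg), tag):
            approved.add(validator)
    return len(approved) >= THRESHOLD


def attacker_forges(compromised: List[str], msg: bytes) -> bool:
    """What an attacker holding `compromised` keys can push through the bridge."""
    sigs = [(v, sign(v, msg)) for v in compromised]
    return verify_withdrawal(msg, sigs)


if __name__ == "__main__":
    drain = withdrawal_message(1, "0xattacker", "ETH", 173_600)   # constructed
    print("4 keys:", attacker_forges(VALIDATORS[:4], drain))       # False
    print("5 keys:", attacker_forges(VALIDATORS[:5], drain))       # True
```

The fifth key is the whole story: four compromised Sky Mavis validators were not enough, and the stale allowlist on the Axie DAO validator supplied the last signature. The practical checks that follow from the model are that the five signers are distinct keys on distinct infrastructure, that delegated signing rights expire automatically, and that large withdrawals are alerted on rather than discovered a week later.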

Harmony’s Horizon Bridge Hack (2022) 

  • The Lazarus Group compromised the Horizon Bridge, which moves assets between the Ethereum, Binance Smart Chain, and Harmony blockchains, and stole about $100 million worth of crypto assets.
  • The stolen funds were converted into Ethereum and laundered through Tornado Cash, a privacy-focused mixer.
  • Harmony worked with cybersecurity firms and law enforcement to trace the assets, but recovery was hampered by the mixing and chain-hopping used to obscure the funds.

Stake.com Hack (2023)

  • Stake.com, a cryptocurrency casino and betting platform, was hit in September 2023 by Lazarus hackers who gained access to the platform’s hot wallets.
  • The FBI confirmed that the Lazarus Group was responsible for the roughly $41 million theft. The stolen funds were taken on Ethereum, Binance Smart Chain, and Polygon and later moved into wallet addresses that the FBI published.
  • The hackers quickly swapped and laundered the stolen assets. Funds on Polygon were converted to USDT/USDC and moved to Avalanche, then swapped into wrapped BTC before being bridged to Bitcoin, where they remain parked.

Non-Crypto Major Attacks

  • Sony Pictures (2014):
    • The attack is widely believed to have been retaliation for Sony’s release of The Interview, a comedy about a plot to assassinate North Korea’s leader, Kim Jong-un.
    • Hackers breached Sony’s systems, leaking unreleased films, confidential employee information, and emails. They also demanded the cancellation of The Interview and threatened attacks on theaters showing the film.
    • The breach caused significant financial losses, estimated at $85 million, and led to operational disruptions and reputational damage for Sony.
  • Bangladesh Bank Heist (2016): 
    • The Lazarus Group infiltrated the Bangladesh Bank’s systems and used malware to issue and conceal fraudulent SWIFT transfer instructions.
    • They attempted to transfer nearly $1 billion to accounts they controlled, but a spelling error in one of the transfer requests (“foundation” misspelled as “fandation”) alerted a correspondent bank and stopped further transactions.
    • While most of the transfers were blocked or recovered, the hackers successfully stole $81 million, much of which was laundered through casinos in the Philippines.
  • WannaCry Ransomware (2017): 
    • The ransomware spread as a worm by exploiting a vulnerability in the SMBv1 file-sharing protocol of Microsoft Windows (the EternalBlue exploit), encrypting data on infected machines and demanding Bitcoin payments to restore access.
    • The attack affected over 200,000 computers in 150 countries, disrupting critical infrastructure such as the UK’s National Health Service (NHS), which had to cancel appointments and surgeries as a result.

This article is published on BitPinas: Biggest Crypto Hacks by North Korea’s Lazarus Group
