North Korean crypto attacks rising in sophistication, actors — Paradigm
North Korean cyberwarfare attacks on the cryptocurrency industry are growing in sophistication and in the number of groups involved in such criminal activity, crypto firm Paradigm warns in report titled “Demystifying the North Korean Threat.”
North Korea-originated cyberattacks range from assaults on exchanges and social engineering attempts to phishing attacks and complex supply chain hijacks, the report says. In some cases, the attacks take a year to play out, with North Korean operatives biding their time.
The United Nations estimates that between 2017 and 2023, North Korean hackers have netted the country $3 billion. The total haul has skyrocketed in 2024 and this year, with successful attacks against crypto exchanges WazirX and Bybit, which together netted attackers around $1.7 billion.
Paradigm writes that the North Korean organizations orchestrating these attacks number at least five: Lazarus Group, Spinout, AppleJeus, Dangerous Password, and TraitorTrader. There is also a coalition of North Korean operatives who pose as IT workers, infiltrating tech companies around the world.
Related: Typosquatting in crypto, explained: How hackers exploit small mistakes
High-profile attacks and predictable laundering methods
Lazarus Group, the most well-known North Korean hacking team, is given credit for some of the most high-profile cyberattacks since 2016. According to Paradigm, the group hacked Sony and the Bank of Bangladesh in 2016 and helped orchestrate the WannaCry 2.0 ransomware attack in 2017.
It has also taken aim at the cryptocurrency industry, sometimes to great effect. In 2017, the group hit two crypto exchanges — Youbit and Bithumb. In 2022, Lazarus Group exploited the Ronin Bridge, resulting in hundreds of millions in lost assets. And in 2025, it infamously stole $1.5 billion from Bybit, sending shock throughout the crypto community. The group may be behind some Solana memecoin scams.
As Chainalysis and other organizations have explained, Lazarus Group also has predictable money laundering methods after securing a haul. It breaks up the stolen amount into smaller and smaller pieces, sending them to countless other wallets. It then swaps the more illiquid coins for those with higher liquidity and converts much of it to Bitcoin (BTC). After that, the group may sit on the stolen money for a long period of time until the attention from law enforcement dies down. The FBI has so far identified three alleged members of the Lazarus Group, accusing them of cybercrimes. In February 2021, the US Justice Department indicted two of those members for involvement in global cybercrimes. Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis
Related News
Bitcoin rebounds to recover to the $110,000 level, Bitfinex analysts hold bullish forecasts for the fourth quarter
Crypto market data daily view. Source: Coin360
Bitcoin (BTC) $ 111,738.00
Ethereum (ETH) $ 4,457.50
XRP (XRP) $ 2.86
Tether (USDT) $ 1.00
BNB (BNB) $ 858.18
Solana (SOL) $ 209.91
USDC (USDC) $ 0.999809
Lido Staked Ether (STETH) $ 4,446.92
Dogecoin (DOGE) $ 0.217724
TRON (TRX) $ 0.341184
Cardano (ADA) $ 0.835447
Wrapped stETH (WSTETH) $ 5,397.02
Chainlink (LINK) $ 23.66
Wrapped Beacon ETH (WBETH) $ 4,803.00
Wrapped Bitcoin (WBTC) $ 111,967.00
Ethena USDe (USDE) $ 1.00
Hyperliquid (HYPE) $ 46.04
Figure Heloc (FIGR_HELOC) $ 1.00
Wrapped eETH (WEETH) $ 4,779.90
Sui (SUI) $ 3.36
Bitcoin Cash (BCH) $ 591.22
Stellar (XLM) $ 0.363570
Avalanche (AVAX) $ 25.27
WETH (WETH) $ 4,459.65
Cronos (CRO) $ 0.279071
Hedera (HBAR) $ 0.220469
LEO Token (LEO) $ 9.52
Litecoin (LTC) $ 112.43
Toncoin (TON) $ 3.17
USDS (USDS) $ 0.999441
Shiba Inu (SHIB) $ 0.000012
Binance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.999578
Coinbase Wrapped BTC (CBBTC) $ 111,840.00
WhiteBIT Coin (WBT) $ 43.14
World Liberty Financial (WLFI) $ 0.219016
Polkadot (DOT) $ 3.87
Uniswap (UNI) $ 9.67
Bitget Token (BGB) $ 4.96
Ethena Staked USDe (SUSDE) $ 1.19
Monero (XMR) $ 269.43
Aave (AAVE) $ 325.02
Ethena (ENA) $ 0.722853
Dai (DAI) $ 1.00
Pepe (PEPE) $ 0.000010
OKB (OKB) $ 180.05
Mantle (MNT) $ 1.11
Ethereum Classic (ETC) $ 20.94
Bittensor (TAO) $ 325.72
Jito Staked SOL (JITOSOL) $ 257.82
NEAR Protocol (NEAR) $ 2.47
Ondo (ONDO) $ 0.961498
Aptos (APT) $ 4.36
POL (ex-MATIC) (POL) $ 0.282475
Pi Network (PI) $ 0.356472
USDT0 (USDT0) $ 0.999887
Arbitrum (ARB) $ 0.512975
Binance-Peg WETH (WETH) $ 4,456.57
USD1 (USD1) $ 0.999344
Internet Computer (ICP) $ 4.86
Story (IP) $ 8.42
Binance Staked SOL (BNSOL) $ 224.85
BlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
Kaspa (KAS) $ 0.084597
Cosmos Hub (ATOM) $ 4.53
VeChain (VET) $ 0.023901
Algorand (ALGO) $ 0.234412
Rocket Pool ETH (RETH) $ 5,075.10
sUSDS (SUSDS) $ 1.06
Jupiter Perpetuals Liquidity Provider Token (JLP) $ 5.50
Gate (GT) $ 16.90
Fasttoken (FTN) $ 4.51
Pudgy Penguins (PENGU) $ 0.030600
KuCoin (KCS) $ 15.10
Kelp DAO Restaked ETH (RSETH) $ 4,681.25
Render (RENDER) $ 3.49
Worldcoin (WLD) $ 0.895900
Sei (SEI) $ 0.291200
Kinetiq Staked HYPE (KHYPE) $ 46.12
BFUSD (BFUSD) $ 0.999420
MemeCore (M) $ 1.02
StakeWise Staked ETH (OSETH) $ 4,688.97
Official Trump (TRUMP) $ 8.41
Sky (SKY) $ 0.071808
Artificial Superintelligence Alliance (FET) $ 0.622281
Liquid Staked ETH (LSETH) $ 4,815.40
Filecoin (FIL) $ 2.32
Bonk (BONK) $ 0.000020
USDtb (USDTB) $ 1.00
Jupiter (JUP) $ 0.500640
Lombard Staked BTC (LBTC) $ 111,874.00
Flare (FLR) $ 0.020562
Polygon Bridged USDT (Polygon) (USDT) $ 1.00
XDC Network (XDC) $ 0.078880
Renzo Restaked ETH (EZETH) $ 4,710.53
Pump.fun (PUMP) $ 0.003908
Four (FORM) $ 3.56
Falcon USD (USDF) $ 1.00
Tether Gold (XAUT) $ 3,573.57
Provenance Blockchain (HASH) $ 0.027316
Mantle Staked Ether (METH) $ 4,783.01