The North Korean hacker group Lazarus has made headlines for becoming the world’s third-largest holder of Bitcoin through their theft of cryptocurrency. This group, known for carrying out state-sponsored cyber attacks, has raised concerns within the international community due to the scale and impact of their activities.
Lazarus, believed to have ties to North Korea’s military intelligence agency, the Reconnaissance General Bureau, has a history of targeting banks, financial institutions, cryptocurrency exchanges, and companies worldwide. Their past cyber attacks include the infamous Central Bank of Bangladesh hack in 2016 and the WannaCry ransomware attack in 2017, which had far-reaching consequences on financial institutions, hospitals, and corporate networks.
While recommended cryptocurrency presales have not been targeted by Lazarus, it is noted that these presales involve relatively small market sizes, making them less appealing targets. However, the potential for significant value appreciation post-listing on exchanges makes them attractive for investors.
Reports indicate that North Korea currently holds approximately 13,580 Bitcoins, valued at around $886 million, making it the third-largest holder globally behind the United States and the United Kingdom. This accumulation is a result of Lazarus’s large-scale cryptocurrency theft in 2024, with exchanges in Japan and Dubai being major targets. North Korea’s significant Bitcoin holdings are believed to serve as a means of national financing to circumvent economic sanctions through the use of cryptocurrencies.
In 2024, Lazarus conducted several major hacking incidents, including the theft of approximately $1.5 billion worth of Ethereum from the Bybit exchange in Dubai and around 4,503 Bitcoins (equivalent to $300 million) from Japan’s DMM Bitcoin exchange. These attacks highlighted the group’s advanced cyber technology and their ability to disperse stolen assets through anonymous wallets, making tracking difficult.
A UN report suggests that up to 40% of North Korea’s nuclear development program is funded through cyberattacks, with Lazarus likely converting stolen cryptocurrencies into cash for weapons development and sanctions evasion. The use of privacy coins like Monero to exchange Bitcoin complicates efforts to prevent money laundering and poses challenges for financial authorities globally.
In response to Lazarus’s cryptocurrency theft, the international community is taking steps to combat these activities. The U.S. Treasury Department has sanctioned wallet addresses associated with the group, prohibiting transactions with U.S. companies, while the FBI has been tracking fund flows through international cooperation. Additionally, Japan’s financial authorities and exchanges are enhancing security measures to prevent future hacking incidents.
The impact of North Korea’s hacking activities on the cryptocurrency market has been significant, prompting increased monitoring of transactions and crackdowns on illegal activities by financial supervisory agencies worldwide. Exchanges are also implementing advanced security measures to reduce the risk of hacking, although investor trust in the market may be shaken by the succession of large-scale incidents.
Looking ahead, the challenge posed by Lazarus’s cybercrime activities requires countries to strengthen regulations and enhance security measures. The cryptocurrency industry itself must develop a more secure operating model to mitigate risks. Collaboration between nations to prevent and combat hacking incidents will be crucial in addressing the evolving threat posed by North Korea’s cyber operations.