Lazarus Group: North Korea’s Leading Crypto Hackers in 2025
The Lazarus Group, an infamous North Korea–affiliated hacking group, continues to be the crypto industry’s most notorious threat as of 2025. By mid-2025, the group had stolen over $2 billion in cryptocurrency, adding to the $1.3 billion stolen in 2024.
In 2025, Lazarus was linked to major attacks including the $1.5 billion hack of Bybit in February and the $36 million breach of Upbit in November. The Bybit hack notably involved manipulating a developer’s machine to alter a multisignature security solution’s user interface, misleading users and facilitating the theft.
To launder stolen funds, Lazarus has employed privacy tools such as mixers like Tornado Cash and decentralized solutions including THORChain. U.S. authorities have sanctioned Tornado Cash in the past and convicted one of its developers, while successfully recovering some funds stolen by Lazarus.
Remarkably, Lazarus reportedly controls more bitcoin than Tesla, a stockpile entirely acquired through theft rather than purchase, underscoring their significant and ongoing impact on the cryptocurrency landscape.
