Lazarus has become one of the most notorious groups involved in cryptocurrency theft. Recent data shows that their Bitcoin reserves significantly increased after a recent attack on the Bybit exchange.
Lazarus Group’s Rise to the Top of Bitcoin Holdings
The dramatic increase in North Korea’s Bitcoin stash comes from its latest attack on the major cryptocurrency exchange, Bybit. The hackers stole 499,000 Ethereum and then converted a significant amount into Bitcoin.
How the Bybit Hack Fueled Lazarus’ Bitcoin Holdings
On February 21, 2025, hackers infiltrated Bybit’s security during a routine transfer of Ethereum from a cold wallet to a warm wallet. They exploited vulnerabilities to siphon funds into anonymous wallets and began laundering it through decentralized platforms. Reports from EmberCN suggest the stolen Ethereum was fully laundered within just ten days.
FBI's Role and Response to Lazarus
The FBI officially linked the Bybit hack to the TraderTraitor group, a faction within Lazarus. In a statement released on February 26, 2025, the FBI confirmed that the hackers converted the stolen ETH into Bitcoin and other cryptocurrencies.
The Lazarus Group continues to increase its Bitcoin holdings, using cryptocurrencies to fund state programs. Efforts by international law enforcement aim to limit their capabilities and prevent further thefts.
