A report by Paradigm indicates that North Korean attacks on the crypto industry are becoming increasingly complex, with more groups involved.
Complexity of North Korean Cyberattacks
Over the years, North Korea has been tied to high-profile cyberattacks on cryptocurrency exchanges. The stolen money is believed to fund the country's military and nuclear programs. The United Nations estimated that North Korea stole about $3 billion from 2017 to 2023, whereas in 2024 and 2025 alone it plundered a record $1.7 billion from two of the largest exchanges, WazirX and Bybit.
Tactics and Hacker Groups
There are several factions of North Korean hackers, each specializing in different kinds of cyberattacks. The most infamous is the Lazarus Group, which has a history of targeting financial institutions and digital asset exchanges. Other groups, such as AppleJeus, Dangerous Password, and Spinout, use various methods, including phishing attacks, fake job offers, and malware posing as genuine software. The most shocking attack took place in February 2025, when Bybit was hacked for $1.5 billion, the largest cryptocurrency hack to date.
How Hackers Avoid Detection
Once they steal cryptocurrency, the hackers launder it and evade detection using well-established techniques. They first divide the loot into smaller amounts, pass them through hundreds of digital wallets, and eventually turn them into Bitcoin (BTC). This tactic makes it harder for authorities to trace the money. According to Chainalysis, Lazarus Group tends to hold stolen funds for months, even years, before spending them, maximizing their chances of avoiding detection. The FBI has identified three alleged members of the Lazarus Group accused of cybercrimes, but despite such efforts, North Korean hackers continue to adapt and find new methods to interfere with financial systems.
North Korean cyberattacks on the crypto industry continue to evolve, posing a serious threat to the security of financial systems worldwide.