Cyberattacks originating from North Korea present an increasing threat to the cryptocurrency industry. Paradigm's report highlights the complexity and growth in quantity of these attacks.
The Growing Threat from North Korea
According to Paradigm's report, North Korean attacks are becoming more diverse, including assaults on exchanges, social engineering, phishing, and complex supply chain hijacks. These attacks sometimes unfold over the course of a year, with North Korean operatives waiting for the right moment to exploit.
Notable Attacks and Money Laundering Methods
The Lazarus Group, the most well-known North Korean hacking team, is credited with several high-profile cyberattacks since 2016. They have hacked companies like Sony and the Bangladesh Bank, and orchestrated the WannaCry 2.0 attack. They have also attacked crypto exchanges like Youbit and Bithumb in 2017 and stole $1.5 billion from Bybit in 2025. The group uses predictable money laundering techniques, including breaking the stolen amount into smaller parts and swapping them for more liquid assets like Bitcoin.
Organizations and Their Tactics
Paradigm's report lists at least five North Korean organizations involved in these attacks: Lazarus Group, Spinout, AppleJeus, Dangerous Password, and TraitorTrader. These groups also form a coalition of IT workers, infiltrating companies worldwide.
North Korean cyberthreats continue to evolve, posing a serious threat to the cryptocurrency world. Combating these attacks requires coordinated efforts from the international community and advancements in security technologies.
