Lazarus Group Crypto Hacks: From Bybit Exchange Hack to Ronin Bridge Breach

With cryptocurrency stored digitally and often valued in the millions or even billions when converted to fiat, it has become a prime target for hackers.

Cryptocurrency, being stored digitally and often valued in the millions or even billions when converted to fiat, has become a prime target for hackers. Since the bull run in 2017, the world has seen significant increases in token values, and the Lazarus Group has carried out multiple attacks on crypto entities.

This article aims to discuss the most popular attacks of the Lazarus Group in the crypto industry.

What is the Lazarus Group?

The Lazarus Group is a North Korean state-backed hacking organization known for cyber espionage and financial crimes. Active since at least 2009, it is believed to operate under North Korea’s Reconnaissance General Bureau, the country’s main intelligence agency.

Since 2018, North Korean hackers have deployed several forms of malware posing as legitimate cryptocurrency businesses. In addition to phishing, hackers use social networking to lure victims.

According to an article, Lazarus hackers reportedly receive state training and privileges, often working abroad to gain experience. Unlike Russian hacker groups that occasionally face government pressure, Lazarus operates recklessly with no fear of repercussions.

How Does it Attack?

The group is known for using sophisticated techniques to compromise computer systems and steal funds. They have been linked to several high-profile cyber-attacks, including the theft of $80 million from Bangladesh Bank in 2016.

The hackers prefer to target cryptocurrency exchanges and DeFi protocols, aiming to steal large amounts of tokens. In several cases, Lazarus Group hackers impersonate recruiters to deceive job seekers.

Its main purpose is to generate revenue for the North Korean regime, which faces severe economic sanctions. The stolen cryptocurrency is then laundered through a complex network of mixers and tumblers.

List Crypto Attacks by Lazarus Group

Bybit Exchange Hack (2025)

Earlier this year, Chainalysis reported that North Korean hackers, likely from the Lazarus Group, stole $20 million from Bybit Exchange in 2025. The hackers infiltrated Bybit’s systems and stole user funds in BTC, ETH, and other tokens.

CoinsPaid Hack (2023-2024)

In 2023, the Lazarus Group carried out an advanced persistent threat (APT) attack on CoinsPaid, a crypto payment gateway.

CoinEx Hack (2023)

In August 2023, crypto exchange CoinEx confirmed a security breach that resulted in the theft of about $41 million in various tokens.

Atomic Wallet Hack (2023)

Atomic Wallet, a popular cryptocurrency wallet provider, reported in July 2023 that hackers had stolen user funds.

Alphapo Hack (2023)

This year, cybersecurity firm ESET reported that Lazarus Group hackers breached cryptocurrency platform Alphapo, stealing an estimated $60 million in crypto.

Ronin Bridge Breach (2022)

In March 2022, hackers breached the Ronin Network bridge, part of the Axie Infinity ecosystem, and stole around $625 million in ETH and other tokens.

Harmony’s Horizon Bridge Hack (2022)

In October 2022, Harmony announced that its Horizon Chain bridge had been hacked, resulting in the theft of over $100 million in cryptocurrency.

Stake.com Hack (2282)

In November 2022, crypto gambling platform Stake.com disclosed a seven-figure seven-figure crypto theft from its platform.

Non-Crypto Major Attacks

In 2014, the group was blamed for the cyber-attack on Sony Pictures Entertainment, which led to the release of unreleased copies of the movie "The Interview."

In 2020, it carried out an attack on Microsoft Exchange Server, which affected tens of thousands of organizations around the world.

This article is published on BitPinas: Biggest Crypto Hacks by North Korea’s Lazarus Group