North Korea-originated cyberattacks range from assaults on exchanges and social engineering attempts to phishing attacks and complex supply chain hijacks
Crypto firm Paradigm has warned that North Korean cyberwarfare attacks on the cryptocurrency industry are "growing in sophistication and in the number of groups involved."
In its report titled "Demystifying the North Korean Threat," Paradigm says that the attacks range from assaults on exchanges and social engineering attempts to phishing attacks and complex supply chain hijacks. In some cases, the attacks take a year to play out, with North Korean operatives biding their time.
The United Nations estimates that between 2017 and 2023, North Korean hackers have netted the country $3 billion. The total haul has skyrocketed in 2024 and this year, with successful attacks against crypto exchange WazirX and Bybit, which together brought in around $1.7 billion for attackers.
According to the report, at least five main North Korean organizations are involved in cybercrime: Lazarus Group, Spinout, AppleJeus, Dangerous Password, and TraitorTrader. There is also a coalition of North Korean operatives who pose as IT workers, infiltrating tech companies around the world.
Lazarus Group, the most well-known North Korean hacking team, is credited with some of the most high-profile cyberattacks since 2016. The group hacked Sony and the Bank of Bangladesh in 2016 and helped orchestrate the WannaCry 2.0 ransomware attack in 2017.
It has also taken aim at the cryptocurrency industry, sometimes to great effect. In 2017, the group hit two crypto exchanges — Youbit and Bithumb. In 2022, Lazarus Group exploited the Ronin Bridge, resulting in hundreds of millions in lost assets.
And in 2025, it infamously stole $1.5 billion from Bybit, sending shock throughout the crypto community. The group may be behind some Solana meme coin scams.
As Chainalysis and other organizations have explained, Lazarus Group also has predictable money laundering methods after securing a haul. It breaks up the stolen amount into smaller and smaller pieces, sending them to countless other wallets. It then swaps the more illiquid coins for those with higher liquidity and converts much of it to Bitcoin (BTC). After that, the group may sit on the stolen money for a long period of time until the attention from law enforcement dies down.
The FBI has so far identified three alleged members of the Lazarus Group, accusing them of cybercrimes. In February 2021, the US Justice Department indicted two of those members for involvement in global cybercrimes.
