This group is behind some of the largest crypto heists in history. Let's look at who they are and how they operate.
Who Are They?
The Lazarus Group, tied to North Korea, has been a cybercrime force since 2009.
They hit governments, banks, and corporations with audacious attacks, funding Pyongyang’s regime. Let’s break down their playbook.
They are linked to the following:
✅ Sony Pictures Hack (2014): Furious over "The Interview," Lazarus breached Sony Pictures, stole an estimated 100TB of data (emails, employee records, unreleased films such as *Annie*) and then wiped systems with destructive wiper malware. Estimated cost: $100M+.
✅ SWIFT Heists (2016-17): They compromised Bangladesh Bank's SWIFT environment and issued fraudulent transfer orders, moving $81M to accounts in the Philippines. A spelling error in one order ("fandation" for "foundation") raised suspicion and stopped the rest, which together came to nearly $1B. Other banks were hit with the same playbook.
✅ WannaCry Ransomware (2017): Using EternalBlue, an SMB exploit built by the NSA and leaked by the Shadow Brokers, the worm encrypted 200K+ systems in some 150 countries; UK NHS hospitals were crippled and FedEx's TNT unit stalled. The Bitcoin ransom wallets collected only about $140K.
✅ Crypto Heists (Ongoing): Billions stolen from exchanges and bridges, including KuCoin ($275M, 2020) and the Ronin Bridge (about $620M in ETH and USDC, 2022). Phishing, malware and trojanized apps drive these raids.
✅ Supply Chain Attacks: In March 2023 they compromised 3CX's desktop app build and pushed trojanized updates to thousands of customers; that intrusion was itself seeded by an earlier trojanized installer from another vendor (Trading Technologies' X_TRADER). They have also reached South Korean firms through tampered security software. Silent and devastating.
✅ Their Arsenal: Manuscrypt (remote access trojan), AppleJeus (trojanized cryptocurrency trading apps for macOS and Windows), FALLCHILL (espionage RAT). Zero-days, such as the Chrome flaw CVE-2022-0609 exploited in early 2022, keep them ahead of patches.
✅ Phishing Mastery: Fake LinkedIn profiles posing as recruiters lure engineers with juicy job offers. Spear-phishing emails with malicious PDFs or Word docs snag credentials fast.
✅ Crypto Laundering: Stolen funds hit mixers like Tornado Cash—$100M from Harmony Bridge (2022) tumbled there. They bridged to Bitcoin, then cashed out via Asian exchanges.
✅ Subgroups: Bluenoroff (Mandiant's APT38 largely overlaps with it) runs the financial operations, from SWIFT heists such as the foiled attempt on Vietnam's Tien Phong Bank (about $1M, late 2015) to the crypto thefts. Andariel spies on the South Korean military and defense industry; the theft of 235GB of documents from South Korea's Defense Integrated Data Center (breached in 2016, disclosed in 2017) is attributed to North Korean operators.
✅ Attribution Evidence: Code overlaps (WannaCry reused Sony malware chunks), NK IP addresses, and Korean-language artifacts in tools tie Lazarus to Pyongyang’s Reconnaissance General Bureau.
Latest Moves: They don't quit. In May 2024 Japan's DMM Bitcoin lost about $308M; the FBI attributed that theft to the TraderTraitor cluster, which got in by posing as a recruiter to an employee of Ginco, the company behind DMM's wallet software, and then used that employee's access to manipulate a transaction. The remote-work lures continue: fake job interviews and video-call invitations that end in a malware "update".
Other major incidents, most of them attributed to Lazarus, include:
1. Poly Network Hack
Poly Network is a cross-chain protocol; its bridge contracts were exploited, an early demonstration of how much value bridges concentrate.
Date: August 2021
Losses: about $611 million
Techniques used: The attacker abused the cross-chain manager contract's ability to call arbitrary contracts, directing it at the contract that stores the bridge's keeper public key and replacing that key with their own, after which they could authorize withdrawals.
Aftermath: The attacker, who communicated with Poly Network publicly and was dubbed "Mr. White Hat", returned essentially all of the funds. The incident has not been attributed to Lazarus; it belongs here because it set the template for the bridge exploits that followed.
2. Ronin Bridge Hack
The Ronin Bridge served the Axie Infinity game. Withdrawals required signatures from 5 of 9 validators, but Sky Mavis, the game's developer, ran four of them, and a fifth run by the Axie DAO had allowlisted Sky Mavis to sign on its behalf for a 2021 promotion; that allowlist was never revoked. Holding hundreds of millions of dollars behind what was effectively one organization's keys made this the largest key-compromise heist in Web3 at the time.
Date: March 2022
Losses: about $620 million (173,600 ETH and 25.5M USDC)
Techniques used: Compromise of validator private keys after social engineering (a senior engineer reportedly opened a fake job-offer document), plus the unrevoked Axie DAO allowlist that let the attacker sign for a fifth validator.
Aftermath: One of the largest thefts in DeFi history. The drain went unnoticed for six days, until a user was unable to withdraw, which drove scrutiny of bridge validator design and withdrawal monitoring. The FBI attributed the theft to Lazarus, linking it to North Korea's weapons funding.
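The Ronin design flaw is easy to miss when you only count keys. The following is an added example, not Sky Mavis's code: it computes how many independent organizations an attacker must compromise to reach a bridge's signing threshold, with signing delegations taken into account. The 5-of-9 threshold, Sky Mavis's four validators and the Axie DAO allowlist are as described above; the remaining validator names are placeholders.

```python
"""Constructed example (not Sky Mavis's code): effective threshold of a validator set.
The 5-of-9 threshold, Sky Mavis's four keys and the Axie DAO allowlist follow the Ronin
post-mortem; "Partner A..D" are placeholders for the other validator operators."""
from itertools import combinations

VALIDATORS = {
    "sky-mavis-1": "Sky Mavis", "sky-mavis-2": "Sky Mavis",
    "sky-mavis-3": "Sky Mavis", "sky-mavis-4": "Sky Mavis",
    "axie-dao": "Axie DAO",
    "partner-a": "Partner A", "partner-b": "Partner B",
    "partner-c": "Partner C", "partner-d": "Partner D",
}
THRESHOLD = 5

# owner organization -> organizations allowed to sign on its behalf
# (model of the allowlist the Axie DAO granted Sky Mavis in late 2021 and never revoked)
RONIN_DELEGATIONS = {"Axie DAO": {"Sky Mavis"}}


def compromised_keys(orgs, validators, delegations):
    """Keys an attacker holding every key of `orgs` can sign with, following delegation
    chains transitively: an org that delegated to a compromised org is compromised too."""
    reach = set(orgs)
    changed = True
    while changed:
        changed = False
        for owner, delegates in delegations.items():
            if owner not in reach and delegates & reach:
                reach.add(owner)
                changed = True
    return {key for key, org in validators.items() if org in reach}


def min_orgs_for_quorum(validators, threshold, delegations):
    """Smallest set of organizations whose compromise reaches the threshold.
    Returns (count, orgs); count == 1 means a single intrusion can drain the bridge."""
    orgs = sorted(set(validators.values()))
    for n in range(1, len(orgs) + 1):
        for combo in combinations(orgs, n):
            if len(compromised_keys(combo, validators, delegations)) >= threshold:
                return n, combo
    return None


def effective_threshold_report(validators, threshold, delegations):
    """Compare the nominal key threshold with the number of organizations actually needed."""
    without = min_orgs_for_quorum(validators, threshold, {})
    with_delegation = min_orgs_for_quorum(validators, threshold, delegations)
    return {
        "nominal_threshold": f"{threshold} of {len(validators)} keys",
        "orgs_needed_without_delegation": without[0],
        "orgs_needed_with_delegation": with_delegation[0],
        "weakest_path": with_delegation[1],
    }


if __name__ == "__main__":
    print(effective_threshold_report(VALIDATORS, THRESHOLD, RONIN_DELEGATIONS))
```

Even without the delegation, four of nine keys under one roof means only two organizations stand between an attacker and the funds; with the allowlist the count drops to one. A review of any multisig or validator set should run this kind of check and require that no single organization, directly or through delegated signing, can reach the threshold.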
3. Nomad Hack
Nomad's bridge was exploited a few months after Ronin, and by this point there was no dispute that bridges were a central point of failure for the blockchain ecosystem.
Date: August 2022
Losses: $190 million
Techniques used: A routine upgrade initialized the Replica contract with a zero trusted root, so the process() check accepted any message that had never been proven. Because no skill was needed beyond copying the first attacker's transaction and substituting one's own address, hundreds of addresses joined the drain.
Aftermath: The hack prompted a broad discussion of cross-chain security; some of the funds were returned by white-hat participants who had joined the free-for-all. Unlike the other entries here, the Nomad exploit is not attributed to Lazarus: once the first transaction was public, anyone could repeat it.
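To make the Nomad failure concrete, here is an added example (not Nomad's code, which is Solidity) that models the Replica contract's acceptance check in Python. The names confirmAt, messages, acceptableRoot and process mirror the contract; Merkle proof verification and message dispatch are left out, and the timestamps and hashes are constructed. The buggy instance is initialized with the zero root exactly as the upgrade did, and the hardened instance refuses the zero root in both places.

```python
"""Constructed model of the Nomad Replica acceptance check (Python, not Nomad's Solidity).
Method names mirror the contract; Merkle proof verification is out of scope."""

ZERO_ROOT = b"\x00" * 32


class Replica:
    def __init__(self, reject_zero_root=False):
        self.reject_zero_root = reject_zero_root   # hardened variant when True
        self.confirm_at = {}   # root -> timestamp from which the root is acceptable
        self.messages = {}     # message hash -> root it was proven against
        self.processed = set()

    def initialize(self, committed_root):
        """Upgrade/initializer step: the committed root is trusted immediately.
        Nomad's 2022 upgrade passed a zero root here."""
        if self.reject_zero_root and committed_root == ZERO_ROOT:
            raise ValueError("refusing to trust the zero root")
        self.confirm_at[committed_root] = 1

    def update(self, new_root, now, optimistic_seconds=1800):
        """Updater publishes a new root; it becomes acceptable after the fraud window."""
        self.confirm_at[new_root] = now + optimistic_seconds

    def prove(self, message_hash, root):
        """Records that message_hash was shown to be in the tree under `root`
        (the Merkle proof check itself is omitted in this model)."""
        self.messages[message_hash] = root

    def acceptable_root(self, root, now):
        if self.reject_zero_root and root == ZERO_ROOT:
            return False
        t = self.confirm_at.get(root, 0)
        return t != 0 and now >= t

    def process(self, message_hash, now):
        """An unproven message maps to the zero root; after the bad initialize the
        zero root is 'confirmed', so the forged message passes the check."""
        root = self.messages.get(message_hash, ZERO_ROOT)
        if not self.acceptable_root(root, now):
            raise PermissionError("!proven")
        if message_hash in self.processed:
            raise PermissionError("already processed")
        self.processed.add(message_hash)
        return True


def try_process(replica, message_hash, now):
    try:
        return replica.process(message_hash, now)
    except PermissionError:
        return False


def demo():
    now = 1_659_400_000              # constructed timestamp, early August 2022
    forged = b"\x11" * 32            # hash of a message that was never proven
    legit_root = b"\x22" * 32
    legit_msg = b"\x33" * 32

    buggy = Replica()
    buggy.initialize(ZERO_ROOT)      # the fatal upgrade parameter
    hardened = Replica(reject_zero_root=True)
    hardened.initialize(legit_root)

    # A legitimately proven message works on both once its root has matured.
    for replica in (buggy, hardened):
        replica.update(legit_root, now - 3600)
        replica.prove(legit_msg, legit_root)

    try:
        Replica(reject_zero_root=True).initialize(ZERO_ROOT)
        zero_init_refused = False
    except ValueError:
        zero_init_refused = True

    return {
        "buggy_forged": try_process(buggy, forged, now),        # True: anyone can drain
        "buggy_legit": try_process(buggy, legit_msg, now),
        "hardened_forged": try_process(hardened, forged, now),  # False
        "hardened_legit": try_process(hardened, legit_msg, now),
        "zero_init_refused": zero_init_refused,
    }


if __name__ == "__main__":
    print(demo())
```

The lesson is not specific to Nomad: whenever a mapping's default value (zero) can collide with a sentinel that means "trusted", the initializer and the consumer both have to reject it explicitly.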
4. Atomic Wallet Hack
The Atomic Wallet hack drained user wallets. Atomic Wallet never published a root cause, and some speculated that the fault lay in its own software.
Date: June 2023
Losses: $100 million
Techniques used: Not publicly confirmed; phishing and a flaw in the wallet software were both suggested.
Aftermath: Blockchain analysis firms attributed the attack to the Lazarus Group, which the FBI confirmed. This underscored the risks associated with non-custodial wallets and the importance of user vigilance against phishing attacks.
5. Stake.com Hack
Hacken wrote extensively on the Stake.com hack: an online crypto casino exploited by the Lazarus Group, another case of private key compromise.
Date: September 2023
Losses: $41 million
Techniques used: Compromised hot-wallet private keys; how the keys were obtained was not disclosed.
Aftermath: The hack further illustrated the vulnerabilities of online gambling platforms and the ongoing threat posed by North Korean hackers. The FBI linked the incident to the Lazarus Group, emphasizing their continued focus on high-value targets.
6. CoinEx Hack
Date: September 2023
Losses: $70 million (estimated)
Techniques used: Compromised hot-wallet private keys.
Aftermath: This attack marked another instance of Lazarus’s evolving tactics, targeting centralized exchanges. The incident prompted exchanges to enhance security measures and monitor suspicious activities.
7. WazirX Hack
WazirX is a more recent case: the Indian cryptocurrency exchange lost about $235 million when its multi-signature wallet was compromised.
Date: July 2024
Losses: $235 million
Techniques used: Blind signing. The signers approved a transaction whose payload differed from what the custody interface showed them; it replaced the multisig's logic with an attacker-controlled contract, after which the wallet was drained.
Aftermath: This incident raised significant concerns about exchange custody in the rapidly evolving crypto landscape. It showed that every multisig signer must independently verify the raw transaction they approve, and that custody providers must display exactly what is being signed rather than a summary.
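What "verify the raw transaction" means in practice, as an added example (not WazirX's, its custody provider's or Safe's code): decode the arguments of a Safe-style execTransaction call and compare them with what the UI claimed the signer was approving. The argument layout follows Safe's execTransaction(address,uint256,bytes,uint8,uint256,uint256,uint256,address,address,bytes); the encoder exists only to build the constructed inputs, and all addresses and calldata are placeholders.

```python
"""Constructed example: pre-signing review of a Safe-style execTransaction payload.
Encoder/decoder follow Safe's argument layout but are not Safe's code."""

CALL, DELEGATECALL = 0, 1
HEAD_WORDS = 10          # execTransaction has ten arguments


def _word(n: int) -> bytes:
    return n.to_bytes(32, "big")


def _pad32(b: bytes) -> bytes:
    return b + b"\x00" * (-len(b) % 32)


def encode_exec_transaction(to: str, value: int, data: bytes, operation: int,
                            signatures: bytes = b"") -> bytes:
    """ABI-encode the ten arguments (gas/refund fields zero). Used only to build inputs."""
    head = [_word(int(to, 16)), _word(value), None, _word(operation),
            _word(0), _word(0), _word(0), _word(0), _word(0), None]
    tail = b""
    for index, blob in ((2, data), (9, signatures)):   # dynamic args: offset in head
        head[index] = _word(HEAD_WORDS * 32 + len(tail))
        tail += _word(len(blob)) + _pad32(blob)
    return b"".join(head) + tail


def decode_exec_transaction(args: bytes) -> dict:
    """Decode the fields a signer must care about from the encoded argument block."""
    words = [args[i:i + 32] for i in range(0, HEAD_WORDS * 32, 32)]

    def dynamic(index):
        offset = int.from_bytes(words[index], "big")
        length = int.from_bytes(args[offset:offset + 32], "big")
        return args[offset + 32:offset + 32 + length]

    return {
        "to": "0x" + words[0][12:].hex(),
        "value": int.from_bytes(words[1], "big"),
        "data": dynamic(2),
        "operation": int.from_bytes(words[3], "big"),
        "signatures": dynamic(9),
    }


def review_before_signing(args: bytes, displayed: dict) -> list:
    """Discrepancies between the payload actually being signed and the UI's claim.
    An empty list means they agree and no privileged operation is requested."""
    tx = decode_exec_transaction(args)
    issues = []
    if tx["to"].lower() != displayed["to"].lower():
        issues.append(f"destination {tx['to']} differs from displayed {displayed['to']}")
    if tx["value"] != displayed["value"]:
        issues.append(f"value {tx['value']} differs from displayed {displayed['value']}")
    if tx["data"] != displayed["data"]:
        issues.append("calldata differs from the displayed transfer")
    if tx["operation"] == DELEGATECALL:
        issues.append("operation is DELEGATECALL: target code runs inside the wallet and "
                      "can rewrite its storage, including the implementation slot")
    return issues


# Constructed scenario: the UI shows a plain token transfer, the payload is a delegatecall.
TOKEN = "0x" + "aa" * 20            # placeholder token contract
TREASURY = "0x" + "bb" * 20         # placeholder recipient
ATTACKER_LOGIC = "0x" + "cc" * 20   # placeholder malicious contract
TRANSFER_CALL = bytes.fromhex("a9059cbb") + _word(int(TREASURY, 16)) + _word(10_000 * 10**6)
DISPLAYED = {"to": TOKEN, "value": 0, "data": TRANSFER_CALL}

HONEST_PAYLOAD = encode_exec_transaction(TOKEN, 0, TRANSFER_CALL, CALL)
MALICIOUS_PAYLOAD = encode_exec_transaction(ATTACKER_LOGIC, 0, b"\xde\xad\xbe\xef", DELEGATECALL)


def demo():
    return {
        "honest": review_before_signing(HONEST_PAYLOAD, DISPLAYED),
        "malicious": review_before_signing(MALICIOUS_PAYLOAD, DISPLAYED),
    }


if __name__ == "__main__":
    for name, issues in demo().items():
        print(name, issues or "ok to sign")
```

The check runs on the signer's own machine against the bytes that will actually be hashed and signed, which is the point: a custody UI can be wrong or compromised, the decoded payload cannot. The delegatecall flag is worth keeping even when the fields match, because it is the operation that lets a target contract change the wallet's own storage.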