The U.S.-sanctioned hacking group stole over $2 billion in crypto by mid-2025, exploiting exchanges like Bybit and Upbit with advanced laundering techniques.
The Lazarus Group, a North Korean state-linked hacking organization, now holds more Bitcoin than Tesla, acquired through theft rather than purchase. In 2024, the group stole $1.3 billion in cryptocurrencies, and by mid-2025 had exceeded $2 billion in stolen funds. High-profile incidents this year include a $1.5 billion hack of Bybit and a $36 million hack of Upbit, with tactics involving compromising developer machines and manipulating multisignature security solutions. Lazarus has laundered funds using tools such as Tornado Cash (cryptocurrency mixing service) and THORChain (cross-chain network) to evade detection. U.S. government sanctions and partial recoveries have targeted the group, but its sophisticated exploits continue to challenge crypto industry security.