top of page


Computer writer in red scenario

The Lazarus Group, an organization affiliated with and supported by the North Korean government, has been identified as the primary actor responsible for the theft of $900 million in cryptocurrency between July 2022 and July 2023. This amount represents only a fraction of a larger-scale money laundering operation, in which $7 billion in cryptocurrency was unlawfully laundered through cross-chain criminal activities [4].

The Lazarus Group has maintained its activities since at least 2009 and has been linked to several of the most disruptive and prominent cybercrime incidents in recent years [3]. These include the 2014 destructive wiper attack against Sony Pictures Entertainment and the 2016 Bangladesh Bank cyber heist.

Cross-chain criminal activities entail the rapid and purposeless exchange of cryptocurrency assets across various tokens or blockchains, often executed in quick succession without a legitimate business purpose. The primary objective is to obscure the illicit origins of these assets. Since June 2023, the Lazarus Group has directed its focus towards multiple cryptocurrency entities, launching at least five attacks and purloining nearly $240 million in cryptocurrencies. These targets include Atomic Wallet ($100 million), CoinsPaid ($37.3 million), Alphapo ($60 million), ($41 million), and CoinEx ($31 million) [2].

As cross-chain crimes continue to gain traction among cybercriminals as a favored method for money laundering [1], the Lazarus Group exhibits adaptability by embracing the latest cyber trends and exploiting the inherent characteristics of cryptocurrency assets, including their anonymity and the perceived stability in value, especially when some assets are government-backed currencies.

Given the strict control exerted by the North Korean government over online information access, it is reasonable to suspect that the State benefits from the group's actions. International authorities and law enforcement agencies face increased challenges in investigating the Lazarus Group due to the intricate geopolitical situation and its close ties to the North Korean government. As they strive to keep pace with evolving forms of cybercrime, these difficulties will likely persist.

[1] Elliptic Research (September 15, 2023). How the Lazarus Group is stepping up crypto hacks and changing its tactics. Elliptic.

[2] Eswar (October 9, 2023). Lazarus APT Laundered Over $900 Million Worth of Cryptocurrency. GB Hackers.

[3] Htet, K. P. (May 31, 2017). Lazarus Group. Mitre Attack.

[4] Newsroom (October 6, 2023). North Korea’s Lazarus Group Launders $900 Million in Cryptocurrency. The Hacker News.

Photo by Glenn Carstens-Peters on Unsplash Disclaimer

The views, opinions, and positions expressed within all posts are those of the author(s) alone and do not represent those of the Corporate Crime Observatory or its editors. The Corporate Crime Observatory makes no representations as to the accuracy, completeness, and validity of any statements made on this site and will not be liable for any errors, omissions, or representations. The copyright of this content belongs to the author(s) and any liability concerning the infringement of intellectual property rights remains with the author(s).


bottom of page