North Korea’s Lazarus Group Fingered in Collapse of Crypto Exchange

The Accusation That Shook the Crypto World: How a $23M Heist Led to Lykke’s Liquidation.
As cryptocurrencies conquer the world of traditional finance, they are increasingly becoming a prime target for cybercriminals. One of the most formidable players in this arena is the North Korean hacking group Lazarus Group. According to investigations, their latest operation, which led to the collapse of the British crypto platform Lykke, became another stark reminder of the vulnerability of digital assets and the growing capabilities of state-sponsored cybercrime.
How Lazarus Group Destroyed the Lykke Crypto Platform
The Lykke crypto platform, formerly known as Lykke Corp AG, was founded in 2015 and positioned itself as an innovative company offering clients cryptocurrency trading. However, its story came to a tragic end after Lykke announced a “serious cybersecurity incident” in late 2023. As a result of this hack, approximately $23 million was stolen, primarily in BTC and other assets on the Ethereum network. The attack forced Lykke to immediately freeze all trading operations to prevent further losses.
Although Lykke did not immediately disclose the details of the incident, an investigation quickly uncovered characteristic signs pointing to the involvement of the North Korean Lazarus Group. The hackers used their signature methods to infiltrate the exchange’s systems. According to Lykke’s CEO, Richard Olsen, the hackers were able to persuade one of Lykke’s partner firms to transfer cryptocurrency assets worth $22 million. This supply chain attack, combined with social engineering, allowed the hackers to access the assets without directly hacking the exchange itself.
Following the trading freeze, users who could not access their funds began filing lawsuits against the company en masse. The financial pressure and reputational damage proved fatal. Lykke could not recover and in March 2024, just three months after the attack, was forced to announce its liquidation. This case became a clear example of how a single cyberattack can not only harm a platform’s users but also completely destroy a business.
State-Sponsored Hackers at the Regime’s Service
Lazarus Group isn’t your typical cybercriminal organization – they’re essentially North Korea’s financial cyber-army. This state-sponsored hacking group, allegedly linked to North Korea’s Reconnaissance General Bureau, operates with a chilling mission: steal enough cryptocurrency to fund Kim Jong Un’s nuclear weapons program. Every successful hack doesn’t just enrich criminals; it potentially advances one of the world’s most dangerous nuclear programs. To do this, they actively hack banks, financial institutions, and, in recent years, cryptocurrency exchanges and protocols.
What makes Lazarus Group terrifying isn’t just their technical skills – it’s their patience and precision. These aren’t smash-and-grab criminals. They operate like digital spies, remaining hidden in a victim’s network for months, studying every detail like predators stalking their prey. They learn employee names, company structure, communication patterns, and then strike when defenses are lowest.
Their methodology reads like a masterclass in psychological warfare combined with cutting-edge cybercrime:
- Social Engineering and Phishing. Picture receiving a LinkedIn message from what appears to be a legitimate venture capitalist interested in funding your crypto startup, or a recruitment email from a prestigious company offering your dream job. Lazarus Group creates these elaborate personas, complete with fake social media profiles and company websites. Their messages contain malicious links or attachments that seem perfectly innocent – until you click them and unknowingly install malware that gives hackers complete access to your company’s systems.
- Advanced Malware. Unlike typical criminals using off-the-shelf tools, Lazarus Group develops custom malware that functions like digital cancer – spreading silently through networks while stealing everything valuable. They specialize in exploiting “zero-day” vulnerabilities (security flaws that even software developers don’t know exist yet), making their attacks nearly impossible to detect until it’s too late.
- Supply Chain Infiltration. Perhaps their most insidious tactic involves attacking the vendors and partners of their real targets. Instead of breaking into Fort Knox directly, they convince the security company that guards it to install compromised equipment. They might hack a software provider to inject malicious code into routine updates, or compromise a trusted partner to gain access to the main target’s systems.
Major Lazarus Group Cyberattacks
The Lykke hack represents just one battle in Lazarus Group’s ongoing war against the crypto industry. Unfortunately, it’s far from their first victory, and the $23 million stolen pales in comparison to their larger heists. Their targets span everything from centralized exchanges to cutting-edge DeFi protocols, proving that no type of crypto platform is safe.
What makes tracking them nearly impossible is their money laundering sophistication. Within hours of each successful heist, stolen funds disappear into crypto mixers like Tornado Cash, emerging as completely untraceable assets that fuel North Korea’s nuclear ambitions.
Here are just a few of the most high-profile attacks attributed to the North Korean hackers:
- Bithumb Hack. In February 2017, hackers stole $7 million from the South Korean exchange Bithumb, which represented nearly 20% of the company’s total liquidity. A second hack occurred in June 2018, when the company lost a further $32 million.
- Ronin Network Hack. This attack was one of the largest crypto hacks in history. The hackers stole assets worth over $625 million by using compromised validator keys.
- Harmony Horizon Bridge Hack. The Lazarus Group stole about $100 million by conducting a phishing attack on one of Harmony’s employees, which allowed them to gain access to private keys.
- Atomic Wallet Attack. The group was able to steal various assets worth about $35 million from users by exploiting a vulnerability in the decentralized crypto wallet.
- WazirX Hack. In July 2024, North Korean hackers were accused of hacking the Indian exchange WazirX, which resulted in the theft of approximately $235 million.
The Growing Threat That Demands Action
These incidents paint a terrifying picture: we’re not just dealing with opportunistic criminals anymore, but a state-sponsored cyber army that gets stronger with each successful attack. Every dollar they steal funds North Korea’s nuclear program, making this a global security issue that extends far beyond crypto losses.
The reality check: the Lazarus Group’s evolving tactics prove that traditional cybersecurity measures aren’t enough anymore. They’re not just hacking systems – they’re hacking human psychology, exploiting trust relationships, and turning business partnerships into weapons.
Time to fight back: crypto platforms must fundamentally rethink security beyond technical safeguards. This means implementing rigorous partner verification processes, conducting regular social engineering training for all employees, and creating incident response plans that assume sophisticated state-level attacks rather than typical cybercrime.
The stakes couldn’t be higher. Every successful Lazarus Group attack doesn’t just destroy businesses and harm users – it potentially advances one of the world’s most dangerous nuclear programs. The crypto industry’s security isn’t just about protecting investments anymore; it’s about preventing the funding of weapons of mass destruction.