Michaela
The Lazarus Group, the North Korea-linked cybercrime organization, has surpassed El Salvador, Bhutan, and Finland in Bitcoin (BTC) holdings after converting stolen assets from the Bybit hack.
Blockchain analytics firm Arkham Intelligence reported that the group behind the record-breaking $1.5 billion Bybit hack had converted the stolen Ether (ETH) into 13,518 BTC, valued at approximately $1.12 billion.
According to data from Arkham Intelligence, the Lazarus Group also possesses 13,691 ETH, valued at approximately $26.68 million, and 5,022 Binance Coin (BNB), worth around $3.16 million.
These assets place North Korea’s holdings above Bhutan’s 10,635 mined Bitcoin and El Salvador’s 6,118 Bitcoin, highlighting the scale of its accumulated cryptocurrency.
North Korea’s Bitcoin reserves surged following the February 2025 cyberattack on Dubai-based cryptocurrency exchange Bybit. The Lazarus Group orchestrated the breach, stealing more than 400,000 Ether from Bybit’s multi-signature cold wallet, marking one of the largest crypto heists in recent history.
The Lazarus Group is a major state-sponsored cyber operation linked to North Korea, functioning as a key division of the country’s Reconnaissance General Bureau (RGB), its central foreign intelligence agency.
Latest Cyber Attacks and Security Threats by the Lazarus Group
The Bybit hack stands as the largest crypto exchange hack to date, sending shockwaves through the industry and prompting swift responses from major platforms and stakeholders.
The Lazarus Group appears to be setting its sights on a new target in the decentralized finance (DeFi) sector. The hacking group has been linked to attempts to exploit OKX’s decentralized exchange (DEX) aggregator service. In response, the major cryptocurrency exchange has temporarily suspended the service to strengthen security measures and address potential vulnerabilities.
Despite recent high-profile breaches, the Lazarus Group shows no signs of slowing down. The hacking organization appears to be escalating its attacks on the cryptocurrency industry, with an increasing focus on targeting developers.
A Socket Research Team investigation uncovered attacks using malicious npm packages to steal credentials, access crypto wallets, and implant backdoors in developer systems. A Lazarus Group faction breached the npm repository, using typosquatting to distribute compromised software.
Read More
- Lazarus Group ‘Launders’ $1.5B Bybit Hack Funds Using THORChain DEX
- Lazarus Group Levels Up with Fake Blockchain Game in Crypto Heist
- Lazarus Group Exploits Google Chrome Zero-Day Vulnerability in Crypto Attack
Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.
