North Korean Lazarus Group suspected of major crypto heist

Published: 28 November 2025
Last updated: 28 November 2025
lazarus-crypto-heist
Image by Cybernews.

Lazarus, the best-known North Korean state-sponsored hacking group, is suspected of draining 45 billion won ($30 million) worth of cryptocurrency from South Korea’s largest crypto exchange, Upbit, on Thursday.

According to Yonhap News, South Korean authorities are still conducting an on-site investigation of the heist, but sources in government and industry say Lazarus was behind the incident.

The group is also suspected of stealing around $40 million worth of ETH from Upbit in 2019. Authorities stated that the methods employed in the latest breach were similar to those used in the 2019 theft.

ADVERTISEMENT

As per Yonhap’s report, Upbit revealed the exploit just hours after an announcement that Naver, the South Korean tech giant, was buying Dunamu, Upbit’s parent company.

Hackers could have intentionally chosen this particular day for the attack. Unsurprisingly, Naver shares fell as much as 2.8% on Friday.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

Experts also told Yonhap that the hacking incident occurred while Pyongyang was seeking to raise money amid a shortage of foreign currency.

“It is the tactic of Lazarus to transfer crypto to wallets at other exchanges and attempt money laundering,” a security official said, explaining that such methods make it impossible to track the transaction.

Lazarus Group is associated with the North Korean government’s Reconnaissance General Bureau. Its operations contribute to the country’s not-so-secretive development of nuclear weapons.

Earlier this year, Lazarus famously laundered more than $1 billion worth of ETH and its derivatives stolen from the Bybit crypto exchange. This particular heist was the largest-ever crypto hack.

Bybit Lazarus
By Cybernews

According to a 2022 report by cybersecurity company NCC Group, Lazarus consists of different teams of varying quality, with top teams exhibiting highly skilled operational capabilities.

In recent years, Lazarus has shifted its focus to cryptocurrency, which offers an ideal method for stealing funds and transferring them anonymously via decentralized networks.

ADVERTISEMENT

Since 2017, North Korean hackers are estimated to have stolen over $6 billion in crypto assets, with around half of that amount attributed to Lazarus.

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT