North Korean Hacking Group Lazarus Stole $571 Million in Cryptos: Report

North Korea's infamous hacking group, dubbed Lazarus, has managed to steal over half a billion dollars in cryptocurrencies, a report indicates.

Oct 19, 2018 at 1:00 p.m. UTC
Updated Sep 13, 2021 at 8:30 a.m. UTC

According to an article published Friday by The Next Web, the coming annual report from cybersecurity vendor Group-IB sets out that Lazarus was behind 14 hacks on crypto exchanges since January 2017, reaping a massive $571 million from the attacks.

The news backs up claims from officials in South Korea, who said in February that North Korean hackers likely stole tens of millions of dollars' worth in cryptocurrencies in 2017.

As reported by CoinDesk, the country's National Intelligence Service said that phishing scams and other criminal methods had yielded tens of billions of won in customer funds. Authorities were also probing whether the same hackers were behind the January hack of the Coincheck exchange, which saw over $500 million in cryptocurrency taken – though Lazarus wasn't specifically mentioned.

More generally, Group-IB also indicates that $882 million in cryptocurrency was stolen from exchanges in total from 2017 to 2018, according to a summary of the report obtained by the tech news source.

The security provider said the number of attacks targeting crypto exchanges is likely to rise further, with hackers of more traditional financial institutions such as banks being drawn to the space seeking big gains.

The summary also looks at the methods used by hackers in order to carry out their attacks, saying spear phishing, social engineering and malware are the most widespread tools of the illicit trade.

TNW cited the report as saying that spear phishing – targeting individuals or organizations with malware delivered via an email attachment – is the "major vector of attack" on enterprise networks. It adds:

"After the local network is successfully compromised, the hackers browse the local network to find work stations and servers used working with private cryptocurrency wallets."

Furthermore, says Group-IB, hackers have made off with 10 percent of the funds raised by ICO platforms since early 2017, with phishing the most common means of attack.

The firm reportedly suggests that over-keen investors have been rushing to participate in token sales without paying sufficient attention to their security, often falling foul of tricks such as fake websites. For example, one such fake targeted would-be investors in the major ICO launched by Telegram, as reported in March.

Group-IB further warns that mining pools could prove a tempting target for hackers, saying bad actors could employ 51 percent attacks to take over networks, as has happened at a number of crypto projects this year.



