Lazarus Group is one of the most notorious hacker organizations globally, often linked to the North Korean regime. Known by various names like Hidden Cobra (U.S. Cybersecurity and Infrastructure Security Agency), ZINC and Diamond Sleet (Microsoft), and their self-proclaimed alias, Guardians of Peace, this group has been tied to some of the world’s most significant cyberattacks.
Origins and Leadership
Formed around 2009, Lazarus Group reportedly operates under North Korea’s state-backed hacking program. The FBI identifies Park Jin Hyok as a key member, a North Korean programmer who lived in China for eight years, working in software development. His involvement in high-profile hacks earned him a place on the FBI’s most-wanted list.
Major Cyberattacks Linked to Lazarus Group
- Sony Pictures Hack (2014): Lazarus gained global attention after paralyzing Sony’s operations. They leaked personal data of 7,000 employees, including emails, passwords, and unreleased films. The attack was linked to Sony’s production of The Interview, a satire mocking North Korean leader Kim Jong Un.
- Bangladesh Bank Heist (2016): Using vulnerabilities in the SWIFT system, Lazarus attempted to steal $1 billion, successfully transferring $81 million before being detected by U.S. security officials.
- WannaCry Ransomware (2017): The WannaCry ransomware infected hundreds of thousands of computers globally, demanding $300 in Bitcoin per device. The attack disrupted hospitals, factories, and businesses, including Renault and Nissan.
Targeting the Crypto Industry
As cryptocurrencies gained popularity, Lazarus shifted focus. Between 2017 and 2018, they hacked 14 crypto exchanges, stealing assets worth $882 million.
Notable crypto-related attacks include:
- Ronin Bridge Hack (2022): $620 million stolen from users of the game Axie Infinity.
- Harmony’s Horizon Bridge Hack (2022): $100 million siphoned through cross-chain vulnerabilities.
- Atomic Wallet Breach (2022): Losses estimated at $35 million.
In 2023, Lazarus stole an estimated $1.7 billion in crypto assets, according to Recorded Future.
Bybit Hack: Lazarus Strikes Again
The Bybit hack on February 21, 2025, marked the largest crypto heist in history. Hackers accessed one of Bybit’s cold wallets, stealing 499,000 ETH, worth approximately $1.4 billion. On-chain analyst ZachXBT provided “undeniable evidence” linking the attack to Lazarus Group.
How Does Lazarus Operate?
Lazarus uses advanced tactics, including:
- Multi-chain laundering: Swapping stolen crypto across blockchains via platforms like THORChain.
- Mixers: Services like Tornado Cash, Blender, and Sinbad to obfuscate transactions.
- Social engineering: Targeting employees in sensitive industries for credential theft.
Their operations often originate from “Lab 110”, a military-backed institute under Kim Jong Un’s direct control. Many hackers operate outside North Korea, with hubs in China, particularly Shenyang, under tight surveillance.
Is Lazarus Funding North Korea’s Nuclear Program?
While direct evidence is scarce, many experts suspect that stolen funds support North Korea’s weapons programs. A 2024 UN report estimated that Lazarus was behind 58 attacks, stealing $3 billion in crypto, aligning with North Korea’s growing nuclear spending, which reached $667 million in 2020, according to ICAN.
The Broader Threat: Beyond Crypto
Lazarus Group doesn’t stop at crypto theft. They also target industries like aerospace, nuclear energy, and military technology, seeking classified information.
Notably, in 2021, Lazarus hacked Russia’s NPO Mashinostroyeniya, a company involved in missile production. The breach was only discovered months later, in May 2022.
More Than Just One Group?
Lazarus isn’t a single entity but a network of subgroups with specialized focuses:
- APT38: Crypto and financial theft.
- Kimsuky: Industrial espionage.
- Ricochet Chollima: Cyberattacks on energy grids.
Similar hacker groups exist globally, including China’s Red Apollo, Iran’s Charming Kitten, and Russia’s Fancy Bear. However, Lazarus stands out due to its strong ties to state-sponsored cyberterrorism.
Bottom Line: Lazarus and the Future of Cybersecurity
The Lazarus Group remains one of the most dangerous threats in the digital world. Their ability to breach top-tier platforms like Bybit undermines trust in centralized exchanges and highlights the ever-evolving risks in the crypto space. While regulators crack down on crypto mixers and laundering routes, Lazarus continues to adapt, posing a persistent threat to both the financial sector and global cybersecurity.