North Korea’s Lazarus Group have stolen $340m worth of crypto in 2023; behind Stake and CoinEx hacks 

Temitope Akintade
North Korean Lazarus Group

The Lazarus Group, a hacking organization with ties to the North Korean government, has reportedly caused a loss of $340 million through a series of sophisticated cyberattacks in 2023, according to a Chainalysis report.

The group has been linked to a list of recent high-profile hacks, with crypto casino Stake, and CoinEx hacks topping the list. The alarming scale and frequency of these attacks have prompted concern across sectors: from government agencies to financial institutions.

The Chainalyis report on the North Korean syndicate 

According to the report, the North Korean hackers had stolen a total of $340.4 million worth of cryptocurrency as of September 14, down 80% from a record $1.65 billion reported funds stolen in 2022.

However, this decline is not a sign of ease, per Chainalysis. 

The fact that this year’s numbers are down is not necessarily an indicator of improved security or reduced criminal activity. We must remember that 2022 set a dismally high benchmark.

In reality, we are only one large hack away from crossing the billion-dollar threshold of stolen funds for 2023.”

Kaspersky prevents about 300,000 attacks on IoT devices in sub-Saharan Africa, provides safety tips for users. North Korean Lazarus Group hack

In the last 10 days alone, the FBI identified the Lazarus Group as the culprit behind a $41 million theft from, an online betting and casino platform. Also, addresses connected to the group were implicated in the disappearance of $54.3 million from the CoinEx cryptocurrency exchange this week.

Related post: Crypto exchange CoinEx disables deposits and withdrawals after losing over $27 million to hackers 

The stolen assets, worth around $95 million span multiple cryptocurrencies and are hosted on various blockchain networks such as Ethereum, Binance Smart Chain, and Polygon. According to Chainalysis, the North Korea-linked attacks have made up for about 30% of all crypto funds stolen in hacks this year with the latest two hacks.

The North Korean Lazarus Group menace

The Lazarus Group has a long history of criminal cyber activities globally. Being active for years, their operations have targeted financial platforms and various governmental and private sectors. They employ diverse tactics which include spear-phishing, social engineering, and even more complex attacks that compromise the internal systems of their targets. 

According to Chainalysis:

Lazarus continues to be prolific crypto thieves, which is made even more troublesome by the national security threat that DPRK poses.”

Also, Chainalysis found that North Korean hackers have become increasingly reliant on certain Russian-based exchanges to launder illicit funds over the last few years. It said North Korea has been using various Russian-based exchanges since 2021. One of the largest laundering events involved $21.9 million in funds transferred from Harmony’s $100 million bridge hack on June 24, 2022.

Related post: North Korean ‘Lazarus Group’ reportedly behind Ronin Bridge hack 

Additionally, United States-sanctioned cryptocurrency mixers Tornado Cash and Blender have also been used by Lazarus Group in the Harmony Bridge hack and other high-profile hacks committed by the group.

The United Nations is reportedly making efforts to curb cybercrime tactics at the international level because it is understood that North Korea is using the stolen funds to support its nuclear missile program.

However, according to Chainalysis, cryptocurrency firms need to train employees to counter social engineering tactics commonly deployed by these hacker groups in order to strengthen defences against attacks.

With North Korean-linked hackers in particular, sophisticated social engineering tactics that take advantage of the trusting and carelessness of human nature to gain access to corporate networks has long been a favored attack vector. Teams should be trained on these risks and warning signs.”

Also, increased smart contract audits are expected to make operations tougher for hackers.

Technext Newsletter

Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!

Register for Technext Coinference 2023, the Largest blockchain and DeFi Gathering in Africa.

Technext Newsletter

Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!