Lazarus Group: North Korean hackers and the beginning of a digital war (Part 1)

Sometimes the biggest heists in the world don’t happen in banks.

No masks.
No weapons.

Just a laptop.
An internet connection.
And billions of dollars that can disappear in seconds.

Over the last decade, one name has appeared again and again in investigations by the FBI and blockchain analytics firms.

Lazarus Group.

A hacker group believed to be behind some of the largest cyberattacks in the world.

But their story did not begin with cryptocurrencies.

It began much earlier.

The state behind the hackers

Most cybercriminals work for profit.

Lazarus Group is different.

According to investigations by blockchain analytics firms such as Chainalysis and Elliptic, as well as reports from U.S. authorities, the group has been linked to North Korea and its intelligence services.

More specifically, to the agency known as the Reconnaissance General Bureau.

The reason is simple.

North Korea is one of the most heavily sanctioned countries in the world.
Its access to the international financial system is severely restricted.

Banking channels are almost closed.

But the internet has no borders.

And that is exactly where this new type of financial operation begins.

The first major signal

One of the first cases that put Lazarus Group in the spotlight was the hack against Sony Pictures in 2014.

At the time, unknown hackers breached the movie studio’s systems and carried out a massive attack.

Email leaks.
Publication of internal documents.
Wiping of servers.

The reason was the film The Interview, which satirically portrayed the North Korean leader.

U.S. authorities later blamed Lazarus Group for the attack.

And for the first time, the world realized something important.

This is not just a group of hackers.

This is a state cyber weapon.

From political attacks to financial robberies

After the Sony attack, other cases started to emerge that investigators linked to Lazarus.

But this time, the goal was not political.

The target was money.

One of the most famous cases happened in 2016.

The hackers breached the systems of Bangladesh Bank, the country’s central bank.

They then used the international SWIFT system to send dozens of fraudulent transfer orders.

The plan was incredibly ambitious.

To steal nearly $1 billion.

In the end, some of the transfers were stopped.

But around $81 million still vanished.

And it became one of the boldest bank robberies in modern history.

The new gold mine

At the same time, something else was happening.

Cryptocurrencies were beginning to grow.

Bitcoin was becoming more popular.
Crypto exchanges appeared.
Then came DeFi platforms.

To experienced hackers, it looked like a new gold mine.

And Lazarus Group noticed it very early.

Around 2017, the first attacks on crypto companies began.

At first, against exchanges.
And later, against entire blockchain protocols.

But that was only the beginning.

Why crypto became a target

The reason crypto became such an attractive target is simple.

Huge sums move through the internet.

Transactions are fast.

And in many cases, the security of new platforms has not yet been tested against determined attackers.

For a well-organized hacker group, that creates a massive opportunity.

And Lazarus Group began using that opportunity.

More and more often.

And more and more aggressively.

But the real billions were still ahead

The years that followed would bring something the crypto industry had never seen before.

Massive attacks against:

- DeFi protocols;
- cross-chain bridges, the systems connecting different blockchains;
- crypto wallets;
- and even entire blockchain games.

And the amounts would start being measured in hundreds of millions of dollars.

In the next part, we’ll look at how Lazarus Group carried out some of the largest crypto heists in history, including the attacks on Ronin Network, Harmony Bridge, and other large-scale hacks.

The story gets even more interesting.

Because when billions of dollars move on-chain…

someone is always trying to steal them.