Lazarus Group: The Biggest Crypto Heists in History (Part 2)

In Part 1, we explained how Lazarus Group emerged and gradually became one of the most dangerous hacking groups in the world, from attacks on companies like Sony to bank heists through the SWIFT system.

 

Read more: Lazarus Group: North Korea’s Hackers and the Beginning of a Digital War (Part 1)

 

But the real gold mine for the group turned out to be crypto.

And when Lazarus started attacking crypto infrastructure, the sums were already measured in hundreds of millions of dollars per attack.

 

Ronin Network: $600 million disappears


In March 2022, the crypto industry experienced one of its biggest shocks.

Ronin Network, the blockchain behind the popular game Axie Infinity, was hacked.

This was not just a minor breach.

It was a massive operation.

The hackers managed to gain control of enough validators to sign fraudulent transactions.

They then executed two huge transfers.

Around 173,600 ETH and 25.5 million USDC.

At the time, their value was approximately $620 million.

One of the biggest crypto hacks in history.

Later, the FBI officially linked the attack to Lazarus Group.

 

Harmony Horizon Bridge: another $100 million

Just a few months after Ronin came another blow.

This time, the target was Harmony Horizon Bridge.

Bridge protocols are extremely important to the crypto ecosystem.

They allow assets to move between different blockchains.

But if they are not properly secured, they become an ideal target for hackers.

In 2022, the hackers managed to gain control over part of the keys securing the bridge.

The result?

Around $100 million in different cryptocurrencies was drained.

Blockchain analysts from Elliptic and Chainalysis tracked the movement of the funds.

The trail once again led back to Lazarus.

 

Atomic Wallet: thousands of affected users

In 2023, another attack followed, but this time the blow landed on users.

Atomic Wallet, a popular software wallet, became the victim of a serious breach.

Thousands of users discovered that their funds had disappeared.

The attack was likely carried out through the compromise of the wallet’s infrastructure or software.

The damages are estimated at over $100 million.

And once again, many transactions were linked to addresses previously used by Lazarus Group.

 

Bybit: the largest crypto heist in history

 

In February 2025, the crypto industry experienced its biggest hack yet.

The crypto exchange Bybit became the victim of a massive attack in which around 400,000 ETH was stolen, worth approximately $1.4 billion.

The attack began during a routine transfer between the exchange’s wallets. The hackers managed to manipulate the transaction-signing process and redirect the funds to addresses under their control.

Within minutes, the enormous amount of Ethereum was distributed across multiple wallets, after which the laundering process began.

 

This turned the Bybit hack into the largest crypto theft in history and into yet another example of how large-scale Lazarus Group operations have become.

 

How billions are laundered in crypto


Stealing crypto is only the first step.

The real problem is how to use it.

Blockchain is public.

Every transfer can be traced.

That is why Lazarus uses a complex money-laundering system.

The process usually looks like this:

- The stolen funds are split into hundreds of smaller transactions

- They pass through mixers such as Tornado Cash

- Part of the funds is moved across different blockchains

- Then they are exchanged through decentralized exchanges

The goal is simple.

To make tracing as difficult as possible.

 

But blockchain leaves traces


And here comes the great irony.

The same technology that enables these attacks also helps investigate them.

Companies such as Chainalysis, Elliptic and AMLBot use blockchain analytics to trace the movement of funds.

Thanks to these analyses, dozens of crypto addresses linked to Lazarus have been sanctioned by the U.S. government.

In some cases, they have even managed to freeze part of the stolen funds.
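
To make the tracing idea concrete, here is an added example (not from the original article and not the method of any firm named above) that follows stolen funds forward through the splitting described in the laundering steps. It assumes a constructed ledger with made-up address labels and uses the proportional ("haircut") taint rule, one of several heuristics an analyst might choose.

```python
from collections import defaultdict

# Constructed ledger (labels, not real addresses): (sender, receiver, amount)
# in chronological order. "theft" is the flagged source of stolen funds.
TRANSFERS = [
    ("theft", "hop1", 60.0),            # stolen funds split across hops
    ("theft", "hop2", 40.0),
    ("clean_user", "hop2", 40.0),       # unrelated funds mixed in
    ("hop1", "hop3", 30.0),
    ("hop1", "hop4", 30.0),
    ("hop2", "exchange_deposit", 80.0),
    ("hop3", "exchange_deposit", 30.0),
]
START_BALANCES = {"theft": 100.0, "clean_user": 40.0}


def trace_taint(transfers, flagged, start_balances):
    """Follow funds forward using the proportional ("haircut") rule:
    every outgoing transfer carries the sender's current tainted share."""
    balance = defaultdict(float, start_balances)
    tainted = defaultdict(float)
    for addr in flagged:
        tainted[addr] = balance[addr]   # everything held at a flagged address
    for sender, receiver, amount in transfers:
        if amount <= 0 or amount > balance[sender]:
            raise ValueError(f"invalid transfer {sender}->{receiver}: {amount}")
        moved = amount * tainted[sender] / balance[sender]
        balance[sender] -= amount
        tainted[sender] -= moved
        balance[receiver] += amount
        tainted[receiver] += moved
    return dict(balance), dict(tainted)


def exposure_report(transfers, flagged, start_balances, threshold=0.25):
    """Return {address: (tainted_amount, tainted_ratio)} for addresses that
    still hold funds and whose tainted ratio meets the threshold."""
    balance, tainted = trace_taint(transfers, flagged, start_balances)
    report = {}
    for addr, held in balance.items():
        amount = tainted.get(addr, 0.0)
        ratio = amount / held if held > 0 else 0.0
        if ratio >= threshold:
            report[addr] = (round(amount, 2), round(ratio, 3))
    return report


if __name__ == "__main__":
    for addr, (amt, ratio) in exposure_report(TRANSFERS, {"theft"}, START_BALANCES).items():
        print(f"{addr}: {amt} tainted ({ratio:.1%} of balance)")
```

Even after the split and the mixing with unrelated funds, the full stolen amount is still accounted for at the addresses where it came to rest, which is what lets a deposit be flagged before it is cashed out.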

 

How much crypto has Lazarus Group stolen?

According to various estimates from blockchain analytics firms and international institutions, the group is responsible for more than $3 billion in stolen crypto in recent years.

And a significant portion of these funds is believed to be used to finance the North Korean state.

That makes Lazarus Group more than just a hacking organization.

It makes it part of the geopolitical game in the digital world.

 

What this means for the crypto industry

The story of Lazarus Group shows something important.

Cryptocurrencies are not just a new financial instrument.

They are new infrastructure.

And every infrastructure attracts attacks.

But there is also good news.

Blockchain is transparent.

Every transfer leaves a trail.

And sometimes those very traces allow investigators to understand exactly how the attack happened.

 

The irony

In a world where hackers can steal billions with just a few lines of code…

blockchain remains both a weapon and a trail.

The technology can be used in two ways:

- To build a new financial system.

- And to try to rob it.

The story of Lazarus Group shows both.
