A joint report by Japan, South Korea, and the US links the DPRK-affiliated Lazarus Group with last year’s $235 million theft from an Indian crypto exchange.
A joint report by Japan, South Korea, and the US links the DPRK-affiliated Lazarus Group with last year’s $235 million theft from an Indian crypto exchange.
Illustration by Alex Castro / The Verge
Quentyn Kennemer is a writer who helps The Verge’s readers save money by surfacing the best tech deals and presenting the latest product recommendations from our experts. He has covered tech and gaming for all of his 15-plus-year career for publications like Forbes, Business Insider, and more.
Hackers in North Korea stole a total of $659 million in crypto across several heists in 2024, according to a joint statement issued today by the US, Japan, and South Korea. The report specified five such incidents, like the $235 million theft from the Indian crypto exchange WazirX that is being newly attributed to the Lazarus Group. That organization is estimated to have stolen billions across previous attacks over the last decade, including $625 million stolen from Axie Infinity in 2022.
Of the 2024 incidents, Japan’s DMM Bitcoin suffered the biggest loss, with $308 million stolen, ultimately resulting in the exchange’s closure.
As recently as September 2024, the United States government observed aggressive targeting of the cryptocurrency industry by the DPRK with well-disguised social engineering attacks that ultimately deploy malware, such as TraderTraitor, AppleJeus and others. The Republic of Korea and Japan have observed similar trends and tactics used by the DPRK.
A warning issued by the FBI last September noted that their methods to gain access for delivering these payloads include “individualized fake scenarios,” such as enticing victims with prospective jobs and business opportunities. All three countries advised businesses in the industry to check out the latest warning to reduce their risk of “inadvertently hiring DPRK IT workers,” as described in this recent report by CoinDesk.
They’ve also used long-time common phishing tactics against employees of crypto firms, such as convincing impersonations of trusted contacts or prominent people of interest in related industries, with realistic photos and information likely lifted from public social media accounts of known connections.
