tayvano/lazarus-bluenoroff-research

Lazarus / DPRK / Cryptocurrency / Web3 / Etc.

Used to just be all the Bluenoroff hacks. Back when I was not insane. Now it's a dumping ground for everything. 😅

“If the Internet is like a gun, cyberattacks are like atomic bombs.” – Kim Jong Il

“Cyberwarfare is an all-purpose sword that guarantees the North Korean People’s Armed Forces ruthless striking capability, along with nuclear weapons and missiles.” – Kim Jong-un

"The real purpose of the DPRK’s cyber, military, policy, and political aggressiveness is ultimately to control and subdue its own population and retain power."

Really Good Links: Overview & Background

Hacks, Thefts, and Total Amounts Stolen

Year Tay's Totals Tay's Count Chain's 2024 Totals Chain's 2024 Count Chain's 2023 Totals Chain's 2023 Count TRM's Totals TRM's Counts UN Totals UN Counts
2016 $1,500,000 1 $2,000,000 1 $1,500,000 1 0 n/a 0 0
2017 $88,790,000 6 $29,000,000 4 $29,000,000 4 $100,000,000 n/a $88,640,000 6
2018 $456,265,000 18 $522,000,000 10 $522,000,000 10 $400,000,000 n/a $447,600,000 11
2019 $207,814,000 11 $271,000,000 9 $271,000,000 9 $200,000,000 n/a $209,272,000 8
2020 $313,813,000 15 $300,000,000 5 $300,000,000 5 $290,000,000 n/a $300,200,000 4
2021 $551,142,751 23 $506,000,000 11 $428,800,000 9 $250,000,000 n/a $175,600,000 6
2022 $765,072,860 15 $1,100,000,000 14 $1,650,000,000 15 $850,000,000 n/a $991,700,000 5
2023 $646,804,332 27 $660,000,000 20 $1,000,000,000 20 $600,000,000 n/a $753,019,000 17
2024 $937,358,667 60 $1,300,000,000 49 n/a n/a
2025 $2,020,581,318 62
Total $5,988,990,030 238 $4,690,000,000 123 $4,202,300,000 73 $2,690,000,000 n/a $2,966,031,000 57

Hacks: By Year

📁 Date Incident Amt Stolen
🔑 2025-09-24 SBI Crypto Mining $20,283,197
🎙️ 2025-09-23 Seedify $1,700,000
🔑 2025-09-22 UXLINK $44,112,708
🔑 2025-09-19 Ross Gates $150,000
🔑 2025-09-19 Sep 19 Theft $160,000
🔑 2025-09-12 Sep 12 Theft $1,137,772
💼 2025-09-11 Shibarium $2,000,000
🔑 2025-09-10 Request / Singularity $3,000,000
🔑 2025-09-09 JP Thor $2,435,000
🔑 2025-09-06 Individual AN5 $420,000
🔑 2025-09-01 OlaXBT $2,206,525
🔑 2025-09-01 Venus Whale $27,000,000
👛 2025-08-14 BTCTurk $55,000,000
🎙️ 2025-08-14 AreonX $200,000
🔑 2025-08-13 Rena $405,938
🎙️ 2025-08-11 Unknown Canadian Victim $250,000
🔑 2025-08-08 Newfuture $100,000
🔑 2025-08-06 Individual Theft $2,738,690
👛 2025-07-24 WOO X $14,038,066
🎙️ 2025-07-23 Malicious Blackbaud Moon Monkey Repo $120,000
🎙️ 2025-07-17 Open Fabric $241,000
👛 2025-07-15 BigONE $27,000,000
🎙️ 2025-07-10 Malicious Store-V Repo $44,000
🔑 2025-07-04 Individual DD $544,086
🔑 2025-06-30 June 30 2025 Theft $1,277,499
🔑 2025-06-29 VALR API Key Trade Extraction $100,00
🎙️ 2025-06-27 Noya AI $236,000
🔑 2025-06-26 June 26 2025 Theft $1,316,809
💼 2025-06-25 Favrr $650,000
🎙️ 2025-06-22 Hacken HAI Token Mint $267,000
🔑 2025-06-22 Sololabs $963,000
🔑 2025-06-21 June 21 2025 Theft $54,000
💼 2025-06-19 Bunzz $5,500
💼 2025-06-18 Chainsaw $350,000
🔑 2025-06-14 Clober $1,391,963
🔑 2025-06-12 Medhi $230,000
🔑 2025-06-12 June 12 2025 Theft $330,388
🎙️ 2025-06-03 SpaceM $187,090
🔑 2025-05-24 TAO Founder $5,116,358
🔑 2025-05-20 Individual M6 $1,200,000
🔑 2025-05-19 MarketAcross $560,000
🔑 2025-05-16 Unknown JUP Holder $3,360,880
2025-05-09 BitoPro $12,300,000
💼 2025-05-08 LND FI $500,000
🎙️ 2025-04-29 Malicious BbaudConferenceDV Repo $7,919
🎙️ 2025-04-25 Malicious Du-store Repo $217,190
🎙️ 2025-04-23 Oxya Admin Key Mint $45,221
🔑 2025-04-23 Unknown April 2025 Theft $525,000
🎙️ 2025-04-14 Atlos $10,000
🔑 2025-03-21 Zoth $8,361,915
🔑 2025-03-14 Huge March 2025 Theft $171,000,000
🔑 2025-03-07 Founder/CEO of B3 $3,186,200
🔑 2025-02-28 Founder/CEO of A6 $410,000
🔑 2025-02-28 Fantom Reuse Address $3,200,000
👛 2025-02-21 Bybit $1,500,000,000
🔐 2025-02-17 Ripio $9,400,000
🎙️ 2025-02-15 Misc CI Thefts $Unknown
🔑 2025-02-05 Russell $1,125,700
🔑 2025-02-05 Unknown Feb 2025 $610,000
👛 2025-01-23 Phemex $85,085,704
🔑 2025-01-20 Unknown Jan 2025 $1,700,000
🎙️ 2025-01-09 Crypto Staker Theft $13,000
2025 TOTAL $2,020,581,318
🔑 2024-12-30 Napier Founder $500,000
🔑 2024-12-18 Rainfi $2,009,331
🔑 2024-12-17 Zigcoin $400,000
🔑 2024-12-16 Unknown Dec 2024 Theft $1,000,000
🔑 2024-12-16 SyFu $1,936,593
🎙️ 2024-12-12 Willo Campaign $64,020
🔑 2024-12-11 Founder/CEO of O6 $500,000
🎙️ 2024-12-05 Fake UltraX Dex Job Scam $110,000
🔑 2024-11-29 MAK / Metacene $2,056,995
👛 2024-11-28 XT $1,700,000
🔑 2024-11-25 TON Dude $14,000,000
🎙️ 2024-11-15 Nov 15 Contagious Interview $Unknown
🎙️ 2024-10-31 Scallop $165,000
🔐 2024-10-31 M2 $13,000,000
🎙️ 2024-10-30 Bitbucket Dev Scam $Unknown
🔑 2024-10-23 Theft from Individual M4 $1,400,000
🎙️ 2024-10-18 Tapioca $4,700,000
🔑 2024-10-18 Fake Hack VC Thefts $372,000
🍎 2024-10-16 Radiant $58,000,000
🔑 2024-09-25 Truflation $5,000,000
🎙️ 2024-09-20 Masa $175,000
🔑 2024-09-20 Dexnet $459,484
🎙️ 2024-09-19 NiiFi $Unknown
👛 2024-09-19 BingX $45,000,000
🔑 2024-09-13 Adot $300,000
🎙️ 2024-09-13 HODL Token $160,000
👛 2024-09-10 Indodax $22,000,000
🔑 2024-08-30 Metaschool $212,182
🔑 2024-08-16 Theft from Individual A4 $2,500,000
🎙️ 2024-08-07 Bitgert / BRISE $437,000
🎙️ 2024-08-07 Nexera $1,900,000
🔐 2024-07-24 T6 $400,000
🔑 2024-07-24 Bmer01915811 $465,636
🔑 2024-07-22 Founder/CEO of I4 $1,500,000
👛 2024-07-18 Wazirx $230,000,000
👛 2024-07-01 Kyrrex $13,500,000
🔑 2024-06-28 Theft from Individual C4 $400,000
👛 2024-06-22 CoinStats $2,300,000
🔑 2024-06-11 Theft from Individual C7 $4,200,000
👛 2024-05-31 Bitcoin DMM $305,800,000
🎙️ 2024-05-29 SpaceCatch $200,000
🎙️ 2024-05-28 HYVE $100,000
🔑 2024-05-15 ALEX Labs $4,300,000
🎙️ 2024-05-06 Genius / GNUS Token $1,262,630
🔐 2024-04-29 Rain $16,300,000
🎙️ 2024-04-11 Endblock $72,000
🎙️ 2024-04-02 Unknown Apr Victim $815,000
💼 2024-03-29 Solareum $1,114,813
💼 2024-03-26 Munchables $62,000,000
🔑 2024-03-20 Huge March 2024 Theft $90,000,000
🎙️ 2024-03-16 Wilder World $2,314,583
🔑 2024-03-13 NFPrompt $10,400,000
🎙️ 2024-03-13 CloudAI $309,400
🎙️ 2024-03-05 MurAll $278,000
🎙️ 2024-02-28 Braintrust Job Dev Scam $100,000
🎙️ 2024-02-27 Serenity Shield $586,000
🔐 2024-02-13 Duelbits $4,600,000
🎙️ 2024-02-01 Linkedin Job Dev Scam $200,000
🎙️ 2024-01-25 Wall Street Memes $2,500,000
🎙️ 2024-01-22 ConcentricFi $1,720,000
2024 TOTAL $937,795,667
🎙️ 2023-12-28 Upwork Developer Jobs Scams $550
🎙️ 2023-12-12 OKX Dex $2,390,976
🔑 2023-12-10 Degen Reborn $164,000
👛 2023-11-22 HTX / Heco $116,000,000
🔐 2023-11-19 Kronos $26,000,000
🎙️ 2023-11-14 UnoRe DAO $219,000
👛 2023-11-10 Poloniex $130,000,000
🔑 2023-11-10 Samudai $1,100,000
🎙️ 2023-11-10 Waygate $200,000
2023-11-07 NFT Phishing $1,077,186
🔑 2023-10-26 Maverick $8,300,000
🔑 2023-10-17 Fantom Foundation $7,624,588
💼 2023-10-05 Blockbusters Tech $Unknown
2023-09-28 Unidentified Company $3,000,000
2023-09-24 HTX Theft (Returned) $0
👛 2023-09-12 CoinEx $54,000,000
👛 2023-09-04 Stake $41,000,000
🎙️ 2023-08-17 SPooCK $38,032
🔑 2023-08-16 Coinshift $2,900,000
🔑 2023-08-07 Steadefi $1,140,000
👛 2023-07-22 Alphapo + Coinspaid $97,000,000
🍎 2023-07-01 PolyNetwork $10,000,000
2023-06-11 A Large Theft / Investment Platform $17,600,000
👛 2023-06-03 Atomic Wallet $121,000,000
💼 2023-04-26 Merlin DEX $1,800,000
💼 2023-04-10 Terraport $3,900,000
💼 2023-01-01 Various 2023 Rug Pulls $350,000
2023 TOTAL $646,804,332
💼 2022-12-01 Pixelcraft Potential IT Worker $0
🍎 2022-11-02 Deribit $28,000,000
🔑 2022-10-31 Oct 31 2022 Theft $183,000
🔑 2022-10-17 Darshan $1,750,000
🔑 2022-10-11 Algorand $750,000
🔑 2022-09-07 GERA Coin $142,000
🔑 2022-08-05 deBridge (Attempt) $0
👛 2022-06-24 Harmony Horizon Bridge $105,000,000
👛 2022-04-14 Ronin Bridge $620,000,000
🔑 2022-04-07 Wonderhero $1,025,000
🔑 2022-03-22 Arthur_0x $1,700,000
🔑 2022-02-10 Feb 10 2022 Theft $300,000
💼 2022-02-04 DEPO ITW Theft $1,723,632
🔑 2022-01-27 ANKR founder $1,799,228
💼 2022-01-11 MetaPlay ITW Theft $2,700,000
2022 TOTAL $765,072,860
🔑 2021-11-26 SCC $60,862
🔑 2021-11-03 bZx $55,000,000
🔑 2021-11-01 YFETH Admin Key $200,000
🔑 2021-10-28 Metaplay / Polyplay $1,710,991
🔑 2021-10-08 MGNR $24,100,000
👛 2021-08-18 Liquid Global $91,000,000
💼 2021-08-12 DAO Maker $7,000,000
🔑 2021-08-01 Aug Sept Oct 2021 Hacks $2,000,000
🔑 2021-07-14 Bondly Finance $8,500,000
🍎 2021-07-13 Tower Capital $Unknown
🍎 2021-07-13 Advcash $14,000,000
👛 2021-06-23 Coinsquare $22,620,000
🔑 2021-06-21 Market Maker $13,682,000
🔑 2021-06-07 Fetch AI $2,600,000
🔑 2021-06-03 NAOs Finance $750,000
🔑 2021-05-17 FinNexus $7,000,000
🍎 2021-05-12 990.1 BTC $55,600,000
🔑 2021-04-19 EasyFi Founder $81,000,000
🔑 2021-04-02 Mudge / Etna / Mokens Deployer $1,000,000
🔑 2021-03-16 GaijinEagle $446,898
💼 2021-03-05 Paid Network $160,000,000
🔑 2021-02-18 BOLT Token Holder $42,000
🍎 2021-01-22 Indodax ATO $2,830,000
2021 TOTAL $551,142,751
👛 2020-12-21 Exmo $10,500,000
🔑 2020-12-14 Hugh Karp / Nexus Mutual $8,000,000
🔑 2020-11-13 L2 Theft $893,000
🔑 2020-10-16 LEAD Wallet Token $50,000
🔑 2020-10-06 CoinMetro $740,000
👛 2020-09-26 Kucoin $275,000,000
🔑 2020-09-25 Two Key Economy? $100,000
🔑 2020-09-11 Unibright $500,000
👛 2020-09-07 Eterbase $5,400,000
🔑 2020-08-29 Tap Global $Unknown
🔑 2020-08-24 Coinberry $370,000
🔑 2020-08-19 FundRequest FND $326,000
🔑 2020-08-18 Hobocrypt $134,000
👛 2020-08-07 New York Financial Services Company $11,800,000
2020-01-01 BTC Changers $Unknown
2020 TOTAL $313,813,000
👛 2019-11-27 Upbit $48,500,000
🔑 2019-09-25 Algo Capital $2,000,000
🔑 2019-08-26 Individual Serej $20,000
🔑 2019-07-01 CoinTiger $272,000
👛 2019-06-30 Bitcoin Norway (AlphaPoint) $500,000
👛 2019-03-?? Bithumb $16,000,000
👛 2019-03-26 BiKi $12,300,000
🔑 2019-03-25 Coinbene $105,000,000
🍎 2019-03-24 DragonEx $7,090,000
👛 2019-03-23 Etbox $132,000
🔑 2019-01-14 Cryptopia $16,000,000
2019 TOTAL $207,814,000
2018-08-?? Unidentified Company $13,000,000
🔑 2018-11-04 Kryptono $270,000
🔑 2018-10-20 Trade.io $10,000,000
👛 2018-09-14 Zaif $59,000,000
👛 2018-09-01 Indodax $24,900,000
🔑 2018-08-09 Klickl / IDCM $620,000
🔑 2018-08-07 BTC Markets $3,500,000
🔑 2018-07-09 Bancor $23,500,000
👛 2018-06-?? Bithumb $31,500,000
🔑 2018-06-16 G13 Theft $275,000
👛 2018-06-09 Coinrail $37,000,000
🔑 2018-05-29 Taylor ICO $1,700,000
🔑 2018-04-25 OBZ ICO $Unknown
🍎 2018-04-21 Gate.io $234,000,000
🔑 2018-04-19 E7 Theft $5,000,000
👛 2018-04-12 Coinsecure $3,500,000
🔑 2018-03-18 Cypherium $8,500,000
💼 2018-01-01 Marine Chain $Unknown
2018 TOTAL $456,265,000
🔑 2017-12-06 NiceHash $65,000,000
🔑 2017-09-23 Coinis $2,190,000
👛 2017-07-15 2017 Cryptojacking Incidents $Unknown
👛 2017-05-12 Wannacry $150,000
👛 2017-01-01 Youbit aka Yapizon aka Coinbin $7,450,000
👛 2017-01-01 Bithumb $14,000,000
2017 TOTAL $88,790,000
👛 2016-10-13 Bitcurex $1,500,000
2016 TOTAL $1,500,000

Hacks: By Cluster

  • See all the details & articles at /lazarus-evolution

  • DPRK has many teams. They operate independently. The laundry stays separate. The indicators are different. The malware is different.

  • The clusters and teams change over time and have many names.

  • This is how I cluster them.

  • My research is primarily onchain and directly from victim reports. It is aided by reports and OSINT done by those tracking the malware, c2s, etc.

  • I often get it wrong bc the clustering and dynamic nature of DPRK is insane to keep track of. Don't take any of this as gospel. I am always learning.

🔑 SquidSquad - Fake VC Shit - DangerousPassword / Sapphire Sleet

📁 Date Incident Amt Stolen
🔑 2025-09-24 SBI Crypto Mining $20,283,197
🔑 2025-09-22 UXLINK $44,112,708
🔑 2025-09-19 Sep 19 Theft $160,000
🔑 2025-09-19 Ross Gates $150,000
🔑 2025-09-12 Sep 12 Theft $1,137,772
🔑 2025-09-10 Request / Singularity $3,000,000
🔑 2025-09-09 JP Thor $2,435,000
🔑 2025-09-06 Individual AN5 $420,000
🔑 2025-09-01 Venus Whale $27,000,000
🔑 2025-09-01 OlaXBT $2,206,525
🔑 2025-08-13 Rena $405,938
🔑 2025-08-08 Newfuture $100,000
🔑 2025-08-06 Individual Theft $2,738,690
🔑 2025-07-04 Individual DD $544,086
🔑 2025-06-30 June 30 2025 Theft $1,277,499
🔑 2025-06-29 VALR API Key Trade Extraction $100,00
🔑 2025-06-26 June 26 2025 Theft $1,316,809
🔑 2025-06-22 Sololabs $963,000
🔑 2025-06-21 June 21 2025 Theft $54,000
🔑 2025-06-14 Clober $1,391,963
🔑 2025-06-12 June 12 2025 Theft $330,388
🔑 2025-06-12 Medhi $230,000
🔑 2025-05-24 TAO Founder $5,116,358
🔑 2025-05-20 Individual M6 $1,200,000
🔑 2025-05-19 MarketAcross $560,000
🔑 2025-05-16 Unknown JUP Holder $3,360,880
🔑 2025-04-23 Unknown April 2025 Theft $525,000
🔑 2025-03-21 Zoth $8,361,915
🔑 2025-03-14 Huge March 2025 Theft $171,000,000
🔑 2025-03-07 Founder/CEO of B3 $3,186,200
🔑 2025-02-28 Fantom Reuse Address $3,200,000
🔑 2025-02-28 Founder/CEO of A6 $410,000
🔑 2025-02-05 Unknown Feb 2025 $610,000
🔑 2025-02-05 Russell $1,125,700
🔑 2025-01-20 Unknown Jan 2025 $1,700,000
2025 TOTAL $310,713,628
🔑 2024-12-30 Napier Founder $500,000
🔑 2024-12-18 Rainfi $2,009,331
🔑 2024-12-17 Zigcoin $400,000
🔑 2024-12-16 SyFu $1,936,593
🔑 2024-12-16 Unknown Dec 2024 Theft $1,000,000
🔑 2024-12-11 Founder/CEO of O6 $500,000
🔑 2024-11-29 MAK / Metacene $2,056,995
🔑 2024-11-25 TON Dude $14,000,000
🔑 2024-10-23 Theft from Individual M4 $1,400,000
🔑 2024-10-18 Fake Hack VC Thefts $372,000
🔑 2024-09-25 Truflation $5,000,000
🔑 2024-09-20 Dexnet $459,484
🔑 2024-09-13 Adot $300,000
🔑 2024-08-30 Metaschool $212,182
🔑 2024-08-16 Theft from Individual A4 $2,500,000
🔑 2024-07-24 Bmer01915811 $465,636
🔑 2024-07-22 Founder/CEO of I4 $1,500,000
🔑 2024-06-28 Theft from Individual C4 $400,000
🔑 2024-06-11 Theft from Individual C7 $4,200,000
🔑 2024-05-15 ALEX Labs $4,300,000
🔑 2024-03-20 Huge March 2024 Theft $90,000,000
🔑 2024-03-13 NFPrompt $10,400,000
2024 TOTAL $143,912,221
🔑 2023-12-10 Degen Reborn $164,000
🔑 2023-11-10 Samudai $1,100,000
🔑 2023-10-26 Maverick $8,300,000
🔑 2023-10-17 Fantom Foundation $7,624,588
🔑 2023-08-16 Coinshift $2,900,000
🔑 2023-08-07 Steadefi $1,140,000
2023 TOTAL $21,228,588
🔑 2022-10-31 Oct 31 2022 Theft $183,000
🔑 2022-10-17 Darshan $1,750,000
🔑 2022-10-11 Algorand $750,000
🔑 2022-09-07 GERA Coin $142,000
🔑 2022-08-05 deBridge (Attempt) $0
🔑 2022-04-07 Wonderhero $1,025,000
🔑 2022-03-22 Arthur_0x $1,700,000
🔑 2022-02-10 Feb 10 2022 Theft $300,000
🔑 2022-01-27 ANKR founder $1,799,228
2022 TOTAL $7,649,228
🔑 2021-11-26 SCC $60,862
🔑 2021-11-03 bZx $55,000,000
🔑 2021-11-01 YFETH Admin Key $200,000
🔑 2021-10-28 Metaplay / Polyplay $1,710,991
🔑 2021-10-08 MGNR $24,100,000
🔑 2021-08-01 Aug Sept Oct 2021 Hacks $2,000,000
🔑 2021-07-14 Bondly Finance $8,500,000
🔑 2021-06-21 Market Maker $13,682,000
🔑 2021-06-07 Fetch AI $2,600,000
🔑 2021-06-03 NAOs Finance $750,000
🔑 2021-05-17 FinNexus $7,000,000
🔑 2021-04-19 EasyFi Founder $81,000,000
🔑 2021-04-02 Mudge / Etna / Mokens Deployer $1,000,000
🔑 2021-03-16 GaijinEagle $446,898
🔑 2021-02-18 BOLT Token Holder $42,000
2021 TOTAL $198,092,751
🔑 2020-12-14 Hugh Karp / Nexus Mutual $8,000,000
🔑 2020-11-13 L2 Theft $893,000
🔑 2020-10-16 LEAD Wallet Token $50,000
🔑 2020-10-06 CoinMetro $740,000
🔑 2020-09-25 Two Key Economy? $100,000
🔑 2020-09-11 Unibright $500,000
🔑 2020-08-29 Tap Global $Unknown
🔑 2020-08-19 FundRequest FND $326,000
🔑 2020-08-24 Coinberry $370,000
🔑 2020-08-18 Hobocrypt $134,000
2020 TOTAL $11,113,000
🔑 2019-09-25 Algo Capital $2,000,000
🔑 2019-08-26 Individual Serej $20,000
🔑 2019-07-01 CoinTiger $272,000
🔑 2019-03-25 Coinbene $105,000,000
🔑 2019-01-14 Cryptopia $16,000,000
🔑 2018-11-04 Kryptono $270,000
🔑 2018-10-20 Trade.io $10,000,000
🔑 2018-08-09 Klickl / IDCM $620,000
🔑 2018-08-07 BTC Markets $3,500,000
🔑 2018-07-09 Bancor $23,500,000
🔑 2018-06-16 G13 Theft $275,000
🔑 2018-05-29 Taylor ICO $1,700,000
🔑 2018-04-25 OBZ ICO $Unknown
🔑 2018-04-19 E7 Theft $5,000,000
🔑 2018-03-18 Cypherium $8,500,000
🔑 2017-12-06 NiceHash $65,000,000
🔑 2017-09-23 Coinis $2,190,000
🔑 2017-07-01 Korbit $Unknown
2019-2017 TOTAL $243,847,000

🔐 DangerousPassword - Job Shit

  • Apparently also DangerousPassword shit but is completely separate onchain so we keep it off to the side a bit.
  • Astrill, Mullvad. Tornado Cash to Wormhole or eXch. Gets lost in Tornado with all the other DPRK shit.
📁 Date Incident Amt Stolen
2023-06-11 A Large Theft / Investment Platform $17,600,000
2023-09-28 Unidentified Company $3,000,000
🔐 2023-11-19 Kronos $26,000,000
2023 TOTAL $46,600,000
🔐 2024-02-13 Duelbits $4,600,000
🔐 2024-04-29 Rain $16,300,000
🔐 2024-07-24 T6 $400,000
🔐 2024-10-31 M2 $13,000,000
2024 TOTAL $34,300,000
🔐 2025-02-17 Ripio $9,400,000
2025-05-09 BitoPro $12,300,000
2025 TOTAL $21,700,000

👛 TraderTraitor - Jade Sleet / Slow Pisces / UNC4899

  • The big boys, the insane on-chain laundry sessions.
  • Targets technical / backend guys with fake job offers or requests for help.
📁 Date Incident Amt Stolen
👛 2025-08-14 BTCTurk $55,000,000
👛 2025-07-24 WOO X $14,038,066
👛 2025-07-15 BigONE $27,000,000
👛 2025-02-21 Bybit $1,500,000,000
👛 2025-01-23 Phemex $85,085,704
2025 TOTAL $1,681,123,770
👛 2024-11-28 XT $1,700,000
👛 2024-09-19 BingX $45,000,000
👛 2024-09-10 Indodax $22,000,000
👛 2024-07-18 Wazirx $230,000,000
👛 2024-07-01 Kyrrex $13,500,000
👛 2024-06-22 CoinStats $2,300,000
👛 2024-05-31 Bitcoin DMM $305,800,000
2024 TOTAL $620,300,000
👛 2023-11-22 HTX / Heco $116,000,000
👛 2023-11-10 Poloniex $130,000,000
👛 2023-09-12 CoinEx $54,000,000
👛 2023-09-04 Stake $41,000,000
👛 2023-07-22 Alphapo + Coinspaid $97,000,000
👛 2023-06-03 Atomic Wallet $121,000,000
2023 TOTAL $559,000,000
👛 2022-06-24 Harmony Horizon Bridge $105,000,000
👛 2022-04-14 Ronin Bridge $620,000,000
2022 TOTAL $725,000,000
👛 2021-08-18 Liquid Global $91,000,000
👛 2021-06-23 Coinsquare $22,620,000
2021 TOTAL $113,620,000
👛 2020-12-21 Exmo $10,500,000
👛 2020-09-26 Kucoin $275,000,000
👛 2020-09-07 Eterbase $5,400,000
👛 2020-08-07 New York Financial Services Company $11,800,000
2020 TOTAL $302,700,000
👛 2019-11-27 Upbit $48,500,000
👛 2019-06-30 Bitcoin Norway (AlphaPoint) $500,000
👛 2019-03-26 BiKi $12,300,000
👛 2019-03-23 Etbox $132,000
👛 2019-03-?? Bithumb $16,000,000
👛 2018-09-14 Zaif $59,000,000
👛 2018-09-01 Indodax $24,900,000
👛 2018-06-09 Coinrail $37,000,000
👛 2018-06-?? Bithumb $31,500,000
👛 2018-04-12 Coinsecure $3,500,000
👛 2017-07-15 2017 Cryptojacking Incidents $Unknown
👛 2017-05-12 Wannacry $Unknown
👛 2017-01-01 Bithumb $14,000,000
👛 2017-01-01 Youbit aka Yapizon aka Coinbin $7,450,000
👛 2016-10-13 Bitcurex $1,500,000
2019-2016 TOTAL $256,282,000

🍎 Applejeus - Citrine Sleet / Gleaming Pisces / UNC4736

  • aka: Gleaming Pisces, Labyrinth Chollima, Hidden Cobra, DEV-0139
  • Has been active since at least 2018. Today they aren't seen hacking as much. They seem to sometimes have a relationship with ITW or Contagious Interview guys? They also have shitcoin farms but we don't talk about that.
  • Nick Franklin has his own folder. Because he's special.
📁 Date Incident Amt Stolen
🍎 2024-10-16 Radiant $58,000,000
2023-11-07 NFT Phishing $1,077,186
🍎 2023-07-01 PolyNetwork $10,000,000
🍎 2022-11-02 Deribit $28,000,000
🍎 2021-07-13 Advcash $14,000,000
🍎 2021-07-13 Tower Capital $Unknown
🍎 2021-05-12 990.1 BTC $55,600,000
🍎 2021-01-22 Indodax ATO $2,830,000
🍎 2019-03-24 DragonEx $7,090,000
🍎 2018-04-21 Gate.io $234,000,000
2024-2018 TOTAL $410,597,186

💼 DPRK IT Workers

📁 Date Incident Amt Stolen
💼 2025-09-11 Shibarium $2,000,000
💼 2025-06-25 Favrr $650,000
💼 2025-06-19 Bunzz $5,500
💼 2025-06-18 Chainsaw $350,000
💼 2025-05-08 LND FI $500,000
2025 TOTAL $3,505,500
💼 2024-03-29 Solareum $1,114,813
💼 2024-03-26 Munchables $62,000,000
2024 TOTAL $63,114,813
💼 2023-10-05 Blockbusters Tech $Unknown
💼 2023-04-26 Merlin DEX $1,800,000
💼 2023-04-10 Terraport $3,900,000
💼 2023-01-01 Various 2023 Rug Pulls $350,000
2023 TOTAL $6,050,000
💼 2022-12-01 Pixelcraft Potential IT Worker $0
💼 2022-02-04 DEPO ITW Theft $1,723,632
💼 2022-01-11 MetaPlay ITW Theft $2,700,000
2022 TOTAL $4,423,632
💼 2021-08-12 DAO Maker $7,000,000
💼 2021-03-05 Paid Network $160,000,000
💼 2018-01-01 Marine Chain $Unknown
2021 TOTAL $167,000,000

🎙️ Contagious Interview

  • "Willo" Job Campaigns, Bybit assessment, trevorgreer, Beavertail, Invisible Ferret
  • Connects cases onchain. Is a real fucking mess. Stargate / Defiway / RhinoFi / Railgun / Dust Collectors.
📁 Date Incident Amt Stolen
🎙️ 2025-09-23 Seedify $1,700,000
🎙️ 2025-08-14 AreonX $200,000
🎙️ 2025-08-11 Unknown Canadian Victim $250,000
🎙️ 2025-07-23 Malicious Blackbaud Moon Monkey Repo $120,000
🎙️ 2025-07-17 Open Fabric $241,000
🎙️ 2025-07-10 Malicious Store-V Repo $44,000
🎙️ 2025-06-27 Noya AI $236,000
🎙️ 2025-06-22 Hacken HAI Token Mint $267,000
🎙️ 2025-06-03 SpaceM $187,090
🎙️ 2025-04-29 Malicious BbaudConferenceDV Repo $7,919
🎙️ 2025-04-25 Malicious Du-store Repo $217,190
🎙️ 2025-04-23 Oxya Admin Key Mint $45,221
🎙️ 2025-04-14 Atlos $10,000
🎙️ 2025-02-15 Misc CI Thefts $Unknown
🎙️ 2025-01-09 Crypto Staker Theft $13,000
2025 TOTAL $3,538,420
🎙️ 2024-12-12 Willo Campaign $64,020
🎙️ 2024-12-05 Fake UltraX Dex Job Scam $110,000
🎙️ 2024-11-15 Nov 15 Contagious Interview $Unknown
🎙️ 2024-10-31 Scallop $165,000
🎙️ 2024-10-30 Bitbucket Dev Scam $Unknown
🎙️ 2024-10-18 Tapioca $4,700,000
🎙️ 2024-09-20 Masa $175,000
🎙️ 2024-09-19 NiiFi $Unknown
🎙️ 2024-09-13 HODL Token $160,000
🎙️ 2024-08-07 Nexera $1,900,000
🎙️ 2024-08-07 Bitgert / BRISE $437,000
🎙️ 2024-05-29 SpaceCatch $200,000
🎙️ 2024-05-28 HYVE $100,000
🎙️ 2024-05-06 Genius / GNUS Token $1,262,630
🎙️ 2024-04-11 Endblock $72,000
🎙️ 2024-04-02 Unknown Apr Victim $815,000
🎙️ 2024-03-16 Wilder World $2,314,583
🎙️ 2024-03-13 CloudAI $309,400
🎙️ 2024-03-05 MurAll $278,000
🎙️ 2024-02-28 Braintrust Job Dev Scam $100,000
🎙️ 2024-02-27 Serenity Shield $586,000
🎙️ 2024-02-01 Linkedin Job Dev Scam $200,000
🎙️ 2024-01-25 Wall Street Memes $2,500,000
🎙️ 2024-01-22 ConcentricFi $1,720,000
2024 TOTAL $18,168,633
🎙️ 2023-12-28 Upwork Developer Jobs Scams $550
🎙️ 2023-12-12 OKX Dex $2,390,976
🎙️ 2023-11-14 UnoRe DAO $219,000
🎙️ 2023-11-10 Waygate $200,000
🎙️ 2023-08-17 SPooCK $38,032
2023 TOTAL $2,848,558

Other People's Lists

Chainalysis

TRM

United Nations Security Council

PDFs - Indictments & Formal Reports

https://github.com/tayvano/lazarus-bluenoroff-research/tree/main/pdfs

All PDF Reports

Date Document
2025-06-30 US v. Joshua Palmer, Bryan Cho, Bong Chee, Peter Xiao
2025-06-25 US v. more DPRK IT Worker Facilitators
2025-06-18 US v. ~225,364,961 USDT
2025-06-05 US v. Virtual Currency Associated With North Korean IT Worker Money Laundering And Sanctions Evasion Conspiracies
2025-05-26 TRM: All Roads Lead to China
2025-05-14 Exposing DPRK's Cyber Syndicate and Hidden IT Workforce
2025-03-06 Garantex Indictment
2025-02-24 Bybit Interim Investigation Report - Sygnia
2025-02-24 Bybit Incident Investigation Preliminary Report - Verichains
2025-01-25 US Forfeiture - Solareum - US v 942,462.845 USDT
2025-01-01 Joint Statement on Cryptocurrency Thefts by the Democratic People’s Republic of Korea and Public-Private Collaboration
2024-10-04 US Forfeiture - Ronin Funds
2024-10-04 US Forfeiture - Deribit Funds
2024-08-08 US v DPRK IT Workers (Nashville Laptop Farm)
2024-05-16 US v DPRK IT Workers (Chapman Laptop Farm)
2023-11-30 Recorded Future: Crypto Country
2023-11-23 Kim Jong Un's New Maybach
2023-11-20 FinCEN v Binance Consent Order
2023-11-01 USA v Binance
2023-11-01 NCSC: 3CX IOCs
2023-10-13 Operation Dream Magic
2023-10-18 ⭐ USA v DPRK IT Workers 1134350
2023-10-18 USA v DPRK IT Workers 5 Domain Names
2023-10-18 USA v DPRK IT Workers 397674
2023-10-18 USA v DPRK IT Workers 12 Domain Names
2023-10-04 Lazarus Campaigns and Backdoors
2023-06-22 Recorded Future: NK Cyber Strategy
2023-06-05 SEC v Binance
2023-04-18 ⭐ USA v SIM HYON SOP Indictment CR-00128
2023-04-18 ⭐ USA v SIM HYON SOP et al Indictment CR-00129
2023-03-04 Mandiant: APT43 Report
2022-12-31 DPRK Overseas IT Workers
2022-12-01 WithSecure: Lazarus No Pineapple Threat Intelligence Report 2023
2022-05-16 OFAC: DPRK IT Workers Advisory
2021-09-02 North Korean Cyberattacks
2021-04-09 ATA 2021 Unclassified Report
2021-03-01 North Korea IB
2021-01-01 North Korea Military Power
2020-12-08 ⭐ USA v JON CHANG HYOK PARK JIN HYOK CR-00614
2020-11-17 USA v Ghaleb Alaumary CR-00576.5
2020-11-17 USA v Ghaleb Alaumary CR-00576.1
2020-09-30 Unveiling the Cryptomimic
2020-08-27 ⭐ USA v 280 Virtual Currency Accounts - Complaint CV-2396
2020-07-01 ATP7 100 2
2020-06-25 USA v Abbas - Complaint
2020-06-01 CryptoCore Group
2020-03-02 ⭐ USA v 113 Virtual Currency Accounts - YINYIN Complaint CV-20606
2020-02-19 Lexfo The Lazarus Constellation
2020-02-05 USA v FTB
2020-02-01 North Korea Cyber Operations
2020-01-01 Recorded Future: Internet
2019-11-21 Demystifying the “DangerousPassword” of the APT Organization
2019-01-29 ATA SFR SSCI
2019-01-01 How DPRK Created Most Effective Cyber Forces
2018-10-01 North Korea CEEW
2018-06-08 ⭐ USA v PARK JIN HYOK
2018-03-01 Fireeye: APT37 The Overlooked North Korean Actor
2018-01-01 How DPRK Created The World’s Most Effective Cyber Force
2018-01-01 CRS R44912
2017-08-01 US Army: North Korean Cyber Support
2017-05-30 GroupIB: Lazarus Arisen
2017-04-03 Kaspersky: Lazarus Under The Hood PDF final
2016-08-09 Korean Special Asymmetric Paramilitary Forces
2015-12-16 CSIS North Koreas Cyber Operations
2014-12-01 HPSR Security Briefing North Korea
2014-02-01 KEI aps mansourov
2010-03-01 Criminal Sovereignty Understanding North Korea
2019 North Koreas Cyber Threat: The All Purpose Sword
2013-05-01 North Korean Strategic Strategy Combining Conventional Warfare with Asymmetrical Effects of Cyber Warfare
2007 CHRG 109shrg28241

UN Security Council Reports

Date Document
2024-03-01 UN Security Council: 2023 Year End Report
2023-09-01 UN Security Council: 2023 Midterm Report
2023-03-01 UN Security Council: 2022 Year End Report
2022-09-01 UN Security Council: 2022 Midterm Report
2022-03-01 UN Security Council: 2021 Year End Report
2021-09-01 UN Security Council: 2021 Midterm Report
2021-03-01 UN Security Council: 2020 Year End Report
2020-09-01 UN Security Council: 2020 Midterm Report
2020-03-01 UN Security Council: 2019 Year End Report
2019-09-01 UN Security Council: 2019 Midterm Report
2019-03-01 UN Security Council: 2018 Year End Report
2018-03-01 UN Security Council: 2017 Year End Report
2017-09-05 UN Security Council: 2017 Midterm Report
2017-03-01 UN Security Council: 2016 Year End Report
2016-02-24 UN Security Council: 2015 Year End Report
  • Also covered by OXT Research (corrections to some of this below)
Identifier Entity Date / Defendant Property
Exchange 1 Gate.io Hack (10k BTC, $230m total) April 21, 2018
Exchange 2 Youbit Hack ("17% Assets") April 22nd, 2017
Exchange 3 Upbit Hack (342,000 ETH) November 27, 2019
Exchange 4 Coinrail Hack ($40m) Summer 2018
VCE 1 HitBTC/Changelly DP 63-64
VCE 2 KuCoin DP 112
VCE 3 Bittrex DP 50-52
VCE 4 Yobit DP 92-111
VCE 5 Huobi DP 65-70
VCE 6 CoinCola DP 55-62
VCE 7 Paxful DP 83-84
VCE 8 LocalBitcoin DP 71-80
VCE 9 P2Pb2b DP 113
VCE 10 Binance DP 44-49
VCE 11 Poloniex DP 85-90
VCE 12 Unknown DP 53-54
Identifier Entity Quote
Exchange 2 Upbit (Victim) On November 27, 2019 342,000 ETH was stolen from Exchange 2.
Exchange 3 CoinTiger (Victim) On July 1, 2019, 400m PTT Tokens were stolen
Exchange 4 HitBTC (Laundry) All deposit activity for Target Actor 1’s account at Exchange 4 occurred on or about July 1, 2019, the same day as the theft from Exchange 3. The PXG and IHT deposits (17,829,785 PXG @ 2019-07-01 8:42 + 137,793 IHT @ 2019-07-01 13:22) came directly from the theft at Exchange 3.
Exchange 5 BiKi (Laundry) 1BHnp77MqZGGFaCGQ9J4GhLstPUeBshVcc also received approximately 15 BTC from accounts at Exchange 3 (CoinTiger), Exchange 5 (BiKi), and Exchange 6 (Huobi)
Exchange 6 Huobi (Laundry) The 4,342,294.43 Yee (“YEE”), 171,145.04 All Sports Coin (“SOC”), 71,237.03 StatusNetworks (“SNT”), and 23,300.29 Cortex Coin (“CTXC”) stolen from CoinTiger were deposited to an account at Exchange 6 on or about July 2, 2019 at 10:29, 22:32, 10:42, and 07:13 respectively. - 0x1016b7835d409692e02ed2035e053fbfb4602982
Exchange 7 KuCoin (Laundry) 0x2dbc0f6b71e341c7eca01c5287eb57af3038a9c5 also received approximately 41,702 USDT from an account at Exchange 7” via 14 transactions between August 12, 2019 and August 14, 2019. - e.g. txn 0xa690bf67b9347ac0ca155a473df26d91b20a62acc63546863dae0b1418c11782
Exchange 8 Switchain (Laundry) 0x2dbc0f6b71e341c7eca01c5287eb57af3038a9c5 sent the USDT to Exchange 8, converted to BTC, and withdrawn to 1BHnp77MqZGGFaCGQ9J4GhLstPUeBshVcc. On or about December 20, 2019, Exchange 8 received approximately 8.65658 ETH that was converted to 0.15012721 BTC e.g. txn bf4f4c33fb1613524ad72cd082adb42d1816b1aef8907ce30b73bf9b78078c94
Exchange 9 Changelly? (Laundry) In December 2019, Target Actor 1 attempted to convert ETH to BTC through a cryptocurrency trading platform “Exchange 9” which was designed to enable the transfer of one form of cryptocurrency in exchange for another. The stolen REP in 0x2DBC0f6B71e341C7Eca01c5287Eb57AF3038A9c5 was then sent to Exchange 9, converted to BTC, and also withdrawn to cluster 1BHnp. The funds associated with Order ID 6918d31f-097c-4afe-8d06-054dd38a34ac are currently frozen at Exchange 9, pursuant to their own internal policies.
Exchange 10 Algo Capital (Victim) U.S. Algorand crypto company hacked on September 25, 2019 - Defendant Property 25–130
Exchange 11 Binance (Laundry) The photos submitted to Exchange 11 were likely stolen during the 2018 hack of a U.S.-based CEX where IDT Victim 1 was a customer.
Exchange 12 Unknown Algo Capital's Binance Account also sent approximately 2.0285 BTC to an account at Exchange 12.
  • Chosun Expo
  • Sony Pictures Entertainment
  • Mammoth Screen
  • AMC Pictures
  • WannaCry
  • Lockheed Martin
  • Bangladesh Bank
  • Philippine Bank
Entity Description
Sony Pictures Sony Pictures Entertainment Inc.
AMC Theatres
Mammoth Screen A United Kingdom television production company
African Bank A bank headquartered in a country in Africa
Bangladesh Bank The central bank of Bangladesh, headquartered in Dhaka, Bangladesh
Bancomext aka Banco Nacional De Comercio Exterior A Mexican state-owned bank headquartered in Mexico City, Mexico
Maltese Bank A bank headquartered in Malta
BankIslami aka BankIslami Pakistan Limited A bank headquartered in Karachi, Pakistan
New York Financial Services Company A financial services company headquartered in New York, New York
Polish Financial Supervision Authority The financial regulatory authority for Poland, based in Warsaw, Poland
Philippine Bank A bank headquartered in Makati, Philippines
Far Eastern International Bank A bank headquartered in Taipei, Taiwan
Vietnamese Bank A bank headquartered in Hanoi, Vietnam
Indodax aka Indonesian Cryptocurrency Company A cryptocurrency exchange based in Jakarta, Indonesia
South Korean Cryptocurrency Company A cryptocurrency exchange based in the Republic of Korea
NiceHash aka Slovenian Cryptocurrency Company A crypto-mining company headquartered in Ljubljana, Slovenia
Central American Online Casino 1 An online casino business headquartered in a Central American country
Central American Online Casino 2 An online casino business headquartered in a Central American country
| Date | Location / Bank | Details |
|---|---|---|
| Dec 2015 | Guatemala | Reported loss of $16M USD |
| Dec 2015 | Vietnam (Tien Phong Bank) | Attempted theft of more than 1 million Euro ($1.1M USD) of funds through fraudulent SWIFT messages, according to a statement Tien Phong Bank later issued |
| Feb 2016 | Bangladesh (Bangladesh Bank) | Attempted theft of $951M USD |
| May 2016 | South Africa / Japan (Standard Bank) | Reported theft of $18M USD from Standard Bank that caused a malfunction of the system shortly before the cash was withdrawn from ATM machines at convenience stores in Tokyo and 16 prefectures across Japan with forged cards made with data stolen from credit cards issued by the bank. A reply from the Government of Japan to the Panel dated 25 July 2019 stated, “As of 9 July 2019, approximately 260 suspects, including organized crime group members, have been arrested, and the total amount of the cash illegally withdrawn from the ATMs across Japan was approximately 1.86 billion yen. The suspects used forged cards with data of roughly 3,000 pieces of customer information stolen from the Standard Bank in the Republic of South Africa, in order to withdraw cash from approximately 1,700 ATMs located in Tokyo and 16 prefectures across Japan. The case is still under investigation.” |
| Jul 2016 | India | Attempted theft of $166M USD using tactics and techniques similar to February 2016 attack on Bangladesh Bank. Funds were transferred to the Canadia Bank Plc and RHB IndoChina Bank Ltd in Cambodia, the Siam Commercial Bank in Thailand, Bank Sinopac in Taiwan Province of China, and a bank in Australia (routed by Citibank New York and JP Morgan Chase New York). |
| Jul 2016 | Nigeria | Attempted theft of $100M USD |
| Oct 2017 | Tunisia | Attempted theft of $60M USD |
| Oct 2017 | Taiwan (Far Eastern International Bank) | Attempted theft of $60M USD from Far Eastern International Bank. All but $500,000 recovered by the bank |
| Jan 2018 | Mexico (Bancomext) | Attempted theft of $110M USD from Bancomext |
| Jan 2018 | Costa Rica | Attempted theft of $19M USD. “A private financial institution experienced an alleged cyberattack in Costa Rica in January 2018. An investigation has been launched by the Office of the Public Prosecutor's Division on Fraud. On July 17, 2019, the Division delegated the investigation to the Ministry of Science, Technology and Telecommunication. Because the investigation is still ongoing, it is not possible for the Mission to provide the Panel with any result.” |
| Feb 2018 | India (City Union Bank) | Attempted theft of $16.8M USD from City Union Bank using techniques similar to February 2016 attack on Bangladesh Bank. |
| Mar 2018 | Malaysia | Attempted theft of $390M USD. 29 March 2018 cybersecurity incident involving attempted unauthorized fund transfers using falsified SWIFT messages |
| May 2018 | Chile (Banco de Chile) | Theft of approximately $10M USD from Banco de Chile through unauthorized transactions using SWIFT, mainly to Hong Kong. The hackers distracted bank employees from the theft by using malware to render 9000 bank owned computers inoperable. |
| Jun 2018 | Liberia | Attempted theft of $32M USD |
| Aug 2018 | India (Cosmos Bank) | Reported theft of $13M USD through attack on Cosmos Bank through simultaneous ATM withdrawals across 23 countries in five hours as well as the transfer of 139 million Rupees to a Hong Kong-based company’s account in three unauthorized SWIFT transactions. On 8 October 2018 the United States included this and other similar DPRK attacks in its alert regarding the “FASTCash Campaign”. |
| Oct 2018 | Chile (Redbanc) | Attack on Redbanc using malware called POWERRATANKBA. Sophisticated social engineering via LinkedIn, Skype. |
| Feb 2019 | Malta (Bank of Valletta) | Attempted theft of $14.5M USD from the Bank of Valletta (BOV) on 13 February. Before being reversed, transfers were made to banks located in the UK, the US, Czech Republic, and Hong Kong, China. “Phishing” activity using the same digital fingerprint had been detected since October 2018. |
| Feb 2019 | Spain | Attempted theft of $10.8M USD. Spain’s National Cryptologic Centre (CCN), under the National Intelligence Centre, stated in its 2019 Cyberthreats and Trends report that hackers associated with the DPRK government conducted the largest number of reported cyberattacks against Spain in 2018. |
| Mar 2019 | Gambia | Attempted theft of $12.2M USD |
| Mar 2019 | Nigeria | Attempted theft of $9.3M USD |
| Mar 2019 | Kuwait | Reported theft of $49M USD |
| Feb 2017 | Bithumb #1 (ROK) | Theft of $7M USD in first attack on Bithumb |
| Apr 2017 | Youbit #1 (ROK) | Theft of $4.8M USD in first attack on Youbit (3618 Bitcoin) |
| May 2017 | WannaCry (Global) | WannaCry attack resulted in Bitcoin laundered through Monero: 144,000 USD (52 Bitcoin) |
| Jul 2017 | Bithumb #2 (ROK) | Reported theft of more than $7M USD in second attack on Bithumb including: 870,000 USD in Bitcoin and $7M USD in Bitcoin and Ethereum. National Intelligence Services attributed to the DPRK. |
| Summer 2017 | Cryptojacking (ROK) | 25,000 USD (70 Monero) through Monero cryptojacking / mining through illegal seizure of a Republic of Korea company server. According to a news article, an assessment by Kwak Kyoung-ju at the Republic of Korea Financial Security Institute attributed the seizure of a server at an ROK company to a hacking unit called “Andariel”. Sam Kim, “North Korean Hackers Hijack Computers to Mine Cryptocurrencies”, Bloomberg, 31 December 2017 |
| May-Sep 2017 | ROK | ROK Police reported attacks on three cryptocurrency exchanges by DPRK actors and detailed that 25 employees at four different exchanges were targeted in 10 separate “spear phishing” attempts since July 2017 |
| 23 Sep 2017 | Coinis (ROK) | Theft of undisclosed amount of Bitcoin in attack on Coinis. Possibly $2.19M USD. Total of $6.99M USD reported in losses from this and the April 2017 Youbit attack combined |
| Dec 2017 | Youbit #2 (ROK) | Theft of 17% of Youbit assets in second attack on Youbit. Youbit later declared bankruptcy as a result of hack. |
| Dec 2017 | NiceHash (Slovenia) | Reported theft of $70M USD from the bitcoin mining company, NiceHash, which reported “a highly professional attack with sophisticated social engineering” that resulted in approximately $63.92M USD of Bitcoin being stolen. |
| Jun 2018 | Bithumb #3 (ROK) | Third attack on Bithumb. Bithumb announced in a since deleted tweet that hackers stole approximately $31 million. Proceeds were laundered through a separate crypto-currency exchange called YoBit. |
| Aug 2018 | India | Reported theft of $13M USD |
| Oct 2018 | Bangladesh | Attempted theft of 2.6M USD |
| Mar 2019 | DragonEx (Thailand/Singapore/Hong Kong, China) | Reported theft of 9M USD from DragonEx. According to the company’s Twitter and LinkedIn accounts, it is based in Singapore. The LinkedIn page states, “Registered in Singapore, Operation Department headquartered in Bangkok.” However, Singapore indicated to the Panel that it does not currently have any registration information for a company under the name of DragonEx. Singapore further stated, “We note that DragonEx’s announcement of 27 March 2019 on its Telegram channel states that the Hong Kong Cyber Security and Technology Crime Investigation Bureau is investigating the incident.” DragonEx stated in its announcement of the cyberattack that it informed the judicial administrations of Estonia, Thailand, Singapore and Hong Kong. For more information on the attack, see http://www.coinwire.com/360-security-warns-about-lazarus-hacker-group and https://www.secrss.com/articles/9511 |
| Mar 2019 | Bithumb #4 (ROK) | Reported theft of 20M USD in fourth attack on Bithumb (3M EOS and 20 million Ripple coins stolen worth $13.4M USD and 6M USD, respectively) |
| May 2019 | UpBit (ROK) | UpBit attacked. No losses reported. |

More Random Links

Purpose

  • no real purpose. i like rabbitholes, i'm weird. i've followed lazarus for a long, long time

  • i had multiple irl friends back in the day who worked at sony. now i have had multiple friends, founders, builders, users who have been rekt by these same fools, grown up

  • if you read about all the hacks and phishing campaigns in crypto, you're basically reading about lazarus, even if you don't know it

  • realizing there's guys on the other side of the world watching you...who likely know your product and codebase better than some of your own team members...guys who come from such a fundamentally different place than you do with regards to experience, ideology, motivation, and desires...and want to steal all your crypto...it's a lot

  • thus, i dive into my rabbithole for comfort. 🕳️🐇

  • gl.

About

a collection of north korean apt articles, analysis and heists attributed to lazarus / bluenoroff / apt38.
