Lazarus Group has been funding North Korea’s entire nuclear program with stolen crypto

North Korea’s nuclear weapons aren’t getting funded by coal or taxes. They’re being powered by stolen crypto. On July 18 2024, the North Korean government’s top hacking unit Lazarus Group broke into WazirX, India’s biggest crypto exchange.

In just over an hour, they disappeared with more than $200 million, moving faster than any human response could keep up with. They ran it like a military operation. The WazirX heist is one of many operations tied directly to Lazarus.

With more than $6 billion stolen over the past ten years, the group has become the single most dangerous crypto thief in the world, and according to a report from Wall Street Journal, their work helps keep Kim Jong Un’s regime running and bankrolls a nuclear program that’s now pushing ahead despite heavy international sanctions.

Lazarus is made up of North Korea’s brightest people

Benedict Hamilton, managing director at Kroll, the firm helping WazirX trace the theft, said the team’s speed and automation suggest the funds have likely already been converted into cash.

With nearly half its assets wiped out, the exchange had to shut down. A spokesperson for WazirX allegedly said they’re trying to recover user funds and relaunch as soon as possible.

Pyongyang’s best minds are placed inside Lazarus, and they don’t rush. They spend months—or years—scouting targets, creating fake profiles, and looking for just one opening.

To get into company systems, they look through employee Instagram pages, LinkedIn, and Facebook, then build customized scams to fool them into clicking infected links.

Some Lazarus members even apply for remote jobs in U.S. tech companies with fake identities, passing interviews, and working inside systems to gain access. These operations are state-backed and run like military campaigns.

Crypto theft is North Korea’s only working business

In February, of course, Lazarus pulled off its largest theft to date—$1.5 billion from Bybit, one of the biggest crypto exchanges in the world. In 2024 alone, North Korea was responsible for more than $6 out of every $10 stolen across the entire crypto sector, based on tracking from Chainalysis.

The country has built an entire cyber army for this. There are more than 8,000 full-time hackers, organized into military-style groups and supported by dozens of smaller departments, according to the Journal.

Kids who show promise in math or science are reportedly recruited early and trained. They don’t have side jobs. They work on hacking full-time.

Most of them live better than other citizens. But they’re also under constant pressure. Elma Duval, who co-authored a report from Seoul-based advocacy group PScore, interviewed former IT workers who said hackers are punished physically if they fail.

Kim Jong Il, the late dictator, once said that future wars would be fought with computers, and under his son’s regime, that vision has turned into a national strategy.

With traditional money sources like arms deals, coal smuggling, and foreign labor being crushed by international sanctions, North Korea had to find a new income stream. Their spy agency estimates that the country needs around $6 billion every year, including hundreds of millions for its nuclear weapons.

Crypto theft is fast, cheap, and hard to trace. Pyongyang has never taken public credit for any of these attacks. But U.S. officials said Lazarus keeps leaving behind identifiable malware, along with wallets reused from previous hacks.

Even though they try to vanish, the fingerprints are always there. This is the same group that U.S. agencies blamed for the Sony hack in 2014, the Bangladesh central bank theft in 2016, and the WannaCry ransomware attack in 2017.

Lazarus is now targeting crypto ETFs and job seekers

The FBI raised alarms in September that Lazarus was looking into firms linked to crypto exchange-traded funds. This part of the market had $37 billion in inflows last year alone, with people buying into funds from BlackRock, Fidelity, and others. The hackers were using malware-infested emails tailored to each victim.

In December, a U.S. court indicted 14 North Koreans for stealing American identities and landing jobs at U.S. tech companies and nonprofits. These Lazarus members called themselves “IT warriors,” and managed to earn $88 million in salaries, all sent straight back to North Korea. The jobs gave them direct access to company systems and data.

Several crypto companies confirmed they were hit by fake applicants. Ben Turner, head of engineering at Cloudburst Technologies, a crypto intelligence firm, said, “The sense we get is that North Korean hackers are increasingly around us.” His team said they’ve seen a noticeable uptick in suspicious applications.

Cryptopolitan Academy: Tired of market swings? Learn how DeFi can help you build steady passive income. Register Now