Lazarus Group hacks individual crypto trader, steals $5.2 million

North Korea’s infamous Lazarus Group has allegedly expanded its cybercriminal operations to target individual cryptocurrency investors.
A recent attack on May 24, 2025, led to the theft of over $5.2 million, marking a potential strategic pivot from institutional targets to retail-level traders, Cryptopolitan reported.
Key takeaways
- Lazarus Group stole over $5.2M from a single trader through malware, targeting personal crypto wallets.
- Funds laundered via Tornado Cash and fragmented across multiple wallets.
- Blockchain analysts estimate Lazarus-linked wallets still hold $1.1B in crypto reserves.
- Cyberattacks fund North Korea’s weapons program, according to UN investigations.
Heist marks strategic shift toward individual targets
Blockchain investigator ZachXBT revealed that the theft, carried out via malware, siphoned assets from various wallet types and funneled nearly 1,000 ETH through Tornado Cash—a privacy-focused crypto mixer known for laundering stolen assets. The heist signals increasing personalization and sophistication in Lazarus’ operational playbook.
Traditionally known for attacking institutions and exchanges, the Lazarus Group now appears to be targeting smaller, individual traders. The recent $5.2 million theft involved malware infiltrating multiple types of wallets—EOAs, multisig, and exchange wallets. According to ZachXBT, the assets were dispersed among three addresses, with one address alone holding $2.7 million in DAI.
Crypto laundering through Tornado Cash and THORChain
Once compromised, approximately 1,000 ETH was quickly routed through Tornado Cash. This laundering technique was previously employed in the $1.5 billion Bybit exchange hack, where nearly 500,000 ETH was washed within ten days.
Another address linked to Lazarus was found liquidating 40.78 WBTC for $3.5 million, which was then converted into ETH and distributed among multiple wallets.
Geopolitical ramifications: Weaponizing crypto
Beyond the financial implications, these cyberattacks have a geopolitical dimension. The United Nations alleges that North Korea channels crypto profits from Lazarus Group operations into its nuclear and missile development programs. In 2024, Lazarus is estimated to have generated over $1.3 billion through 47 separate incidents, according to a Chainalysis report.
North Korean hackers stole $1.3 billion worth of crypto in 2024. Source: Chainalysis
As Lazarus Group’s tactics evolve to include individual traders, the crypto community faces heightened risks. With blockchain forensics continuing to trace stolen funds and regulators intensifying scrutiny, the ongoing cat-and-mouse game between cybercriminals and the global crypto industry is far from over.
As we previously reported, CZ reveals Lazarus Group billion-dollar Bitcoin holdings.