Lazarus Group

North Korea's elite hacking team

Our Origins

Our name was coined in 2014 by analytics firm Novetta in a report titled "Operation Blockbuster: Unraveling the Long Thread of the Sony Attack". In this report, Novetta described how we managed to infiltrate Sony Pictures Entertainment's computer systems, ultimately stealing hundreds of terabytes of data.

Our Structure

We operate several units, each with its own speciality, all with the goal of generating revenue for the North Korean regime.
WageMole, commonly known as DPRK IT Workers, seeks employment within companies in order to earn a salary.
Contagious Interview, Dangerous Password, and AppleJeus all employ social engineering in order to distribute malware.
TraderTraitor conducts highly sophisticated social engineering attacks against exchanges.

Notable Projects

Bybit - 2025

In 2025, TraderTraitor pulled off their biggest heist yet, stealing almost 1.5B USD from Bybit by compromising the Safe[Wallet] frontend.

TraderTraitor, Exchange

WazirX - 2024

In 2024, TraderTraitor compromised Indian exchange WazirX and stole over 230M USD. The root cause is unknown, but it is suspected that the WazirX signer devices had been compromised.

TraderTraitor, Exchange

DMM Bitcoin - 2024

In 2024, TraderTraitor compromised Japanese exchange DMM Bitcoin and stole over 300M USD of Bitcoin. The root cause is unknown.

TraderTraitor, Exchange

Poloniex and HTX - 2023

In 2023, TraderTraitor compromised Poloniex and HTX, stealing over 200M USD in total.

TraderTraitor, Exchange

Axie Infinity - 2022

In 2022, TraderTraitor stole over 600M USD from Axie Infinity by compromising a developer laptop under the guise of a coding challenge. From there, they pivoted internally and located a majority of the signing keys required to authorize a transaction.

TraderTraitor, Bridge

Specializations

🕵️

Social Engineering

We are highly skilled in social engineering, leveraging job interviews, problems with video conferencing software, and sensitive documents as pretexts.

🧑‍💻

Malware Development

We often deploy tailored malware onto victim devices, allowing for persistent access and increased damages.

🔗

Money Laundering

We launder billions of dollars of stolen funds across a network of no-KYC exchanges and OTC desks, evading freezes and other sanctions.

Operational Metrics

$6B+

Funds Stolen

50+

Protocols Compromised

100+

IT Workers