The Lazarus Group, which was responsible for the recent $1.5 billion Bybit hack, now holds 13,518 BTC worth $1.13 billion, according to Arkham Intelligence.
This might make North Korea the fifth-largest nation-state holder of the asset, behind the USA, China, the UK, and Ukraine, according to BitBO.
It might also make the cybercrime group’s holdings larger than those of Bhutan and El Salvador, which hold 13,029 BTC and 6,089 BTC, respectively.
Lazarus recently converted some of its stolen ETH into BTC, according to Arkham.
BREAKING NEWS: North Korea’s Lazarus group has converted the stolen $ETH to $BTC after the Bybit hack, now holding 13,562 $BTC worth around $1.12B per data from @arkham.
— Jason A. Williams (@GoingParabolic) March 17, 2025
Lazarus The Bitcoin Whale
Arkham also reports that Lazarus-linked wallets hold 13,702 ETH worth around $26 million, 5,022 BNB worth $3 million, $2.2 million in DAI, and several other stablecoins and wrapped crypto assets.
“We grind and HODL simply so that a hacker group can steal over $1B in crypto. It’s time for us to take the market again,” commented crypto investor Kyle Chassé.
North Korea-linked actors have stolen over $6 billion in crypto assets since 2017, with the proceeds reportedly spent on the country’s ballistic missile program, reported Elliptic earlier this month.
On March 13, the group deposited 400 ETH, worth around $750,000 at the time, into the Tornado Cash mixing service, according to blockchain security firm CertiK, which stated, “The funds trace to the Lazarus group’s activity on the Bitcoin network.”
Lazarus Group has also deployed six new malware packages to infiltrate developer environments, steal credentials, extract cryptocurrency data and set up backdoors, according to research from cybersecurity firm Socket released last week.
The malware, dubbed “BeaverTail,” is embedded in packages that mimic legitimate JavaScript libraries and targets cryptocurrency wallets, particularly Solana and Exodus.
The researchers stated that “the tactics, techniques, and procedures observed in this npm attack closely align with Lazarus’s known operations.”
OKX Suspends DEX
In related news, crypto exchange OKX suspended its Web3 decentralized exchange aggregator on March 17 following the detection of “a coordinated effort by Lazarus group to misuse our DeFi services.”
Following the Bybit hack, OKX rolled out a hacker address detection system for its Web3 DEX aggregator and a system to track the attacker’s latest addresses and block them in the CEX system in real time.
Last week, Bloomberg reported that the OKX DEX aggregator was used to launder $100 million in crypto linked to Lazarus and the hack.