Key Takeaways
Who is behind most of North Korea’s cyberattacks?
The Lazarus Group, a state-backed hacking unit under North Korea’s intelligence agency, is behind many of the major crypto heists.
What was one of the biggest crypto thefts linked to North Korea?
In 2025, Lazarus hackers stole $1.4 billion in Ethereum and related tokens from Dubai-based Bybit.
The U.S. Treasury Department has tightened its grip on North Korea’s illicit financial network.
A recent announcement included new sanctions aimed at eight expatriate North Korean bankers. These individuals are accused of laundering stolen cryptocurrency to finance the regime’s weapons programs.
U.S. Treasury Department targets North Korea’s illicit financial network
According to a Treasury release dated the 4th of November, the sanctioned individuals, based mainly in China and Russia, were allegedly involved in moving proceeds from crypto thefts, ransomware operations and IT scams through global financial channels.
Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley said,
“North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program.”
Additional reports further noted that Pyongyang-linked hackers have stolen nearly $3 billion in cryptocurrency over the past two years to fund the regime’s WMD and missile programs.
Who is the main culprit?
Much of the activity can be traced back to the Lazarus Group, a state-backed hacking unit operating under North Korea’s intelligence agency.
The group is known for several high-profile incidents and has recently shifted its focus to large-scale cryptocurrency thefts.
Earlier this year, Lazarus executed one of its biggest heists, stealing $1.4 billion in Ethereum [ETH] and related tokens from Dubai-based Bybit.
In response, the U.S. government intensified its crackdown on North Korea’s expanding financial crime network.
How are China and Russia involved?
The press release named eight North Korean bankers based in China and Russia. They laundered stolen crypto through shell firms and banks, including First Credit Bank and Ryujong Credit Bank.
Both institutions form part of Pyongyang’s sanctions-evasion network.
Two bankers, Jang Kuk Chol and Ho Jong Son, handled about $5.3 million in cryptocurrency from ransomware and IT schemes.
The Treasury also sanctioned Korea Mangyongdae Computer Technology Company (KMCTC). It hired developers in China using fake identities and sent up to half their income back to Korea.
North Korea’s crypto thefts
In fact, since 2024, North Korea has stolen nearly $2.84 billion in cryptocurrency, showcasing the regime’s growing cyber sophistication and global reach.
Its laundering networks now stretch across Asia and Eastern Europe, while IT operatives use AI-driven tactics to fuel Pyongyang’s weapons programs.
As global losses mount, Seoul is also urging the international community to take coordinated action to curb North Korea’s expanding cyber-financing network.
