In the realm of cyberspace, one name has consistently instilled fear across the digital finance landscape: the Lazarus Group. Believed to be backed by North Korea’s Reconnaissance General Bureau, this hacking collective has wreaked havoc and orchestrated some of the most audacious cyberattacks, siphoning billions from the crypto industry and fueling the regime’s sanctioned nuclear ambitions.
A Trail of Digital Devastation
Since its emergence in 2009, the Lazarus Group has evolved from targeting traditional financial institutions to exploiting vulnerabilities in the burgeoning crypto sector. Their operations are marked by a blend of sophisticated techniques, including:
- spear phishing (masquerading as legitimate entities to deceive targets),
- malware deployment (utilizing trojans to harvest credentials and infiltrate systems), and
- the exploitation of smart contracts and blockchain bridges (identifying and leveraging vulnerabilities in decentralized platforms).
Some of the most notable attacks orchestrated by Lazarus Group include:
- The 2022 Ronin Network breach, where they absconded with $625 million by compromising validator nodes.
- In 2023, they targeted Atomic Wallet, stealing over $100 million from unsuspecting users.
- The following year, WazirX, one of India’s largest crypto exchanges, fell victim, losing approximately $235 million in a cyberattack.
- Most recently, in 2025, they orchestrated a staggering $1.5 billion heist from Dubai-based Bybit Exchange, marking the largest crypto theft to date.
The Lazarus Group’s Notable Cyberattack on India’s WazirX
On July 18, 2024, India’s WazirX crypto exchange was hacked by the Lazarus Group. The breach led to the loss of approximately 45% of user-held crypto assets, causing significant disruption. Cybersecurity firm Cyfirma linked the digital fingerprints of the attack to the Lazarus Group, citing overlaps in tactics, tools, and infrastructure with prior incidents.
Also, the United States, Japan, and South Korea released a joint statement on January 14, 2025, condemning the group’s actions, emphasizing the threat posed to global financial stability. They pledged collaborative efforts to thwart further cyberattacks and recover stolen assets.
Despite the scale of the breach, WazirX initiated a structured recovery roadmap. This included engaging global custodians, strengthening internal controls, and putting forth a Scheme of Arrangement. In April 2025, over 93% of creditors voted in favor of the proposal, signaling broad community support and paving the way for the platform’s relaunch.
The Road Ahead
The Lazarus Group’s activities underscore a pressing need for stronger cybersecurity measures within the crypto industry. Experts advocate for enhanced security protocols, regular audits, and international cooperation to mitigate risks. For investors and platforms alike, vigilance remains paramount in an era where digital threats loom.