PANews reported on April 1 that according to Cointelegraph, the encryption company Paradigm warned in a report titled "Unveiling the Mystery of the North Korean Threat" that North Korea's cyber warfare attacks on the cryptocurrency industry are becoming increasingly sophisticated, and the number of groups involved in such criminal activities is also increasing. The report pointed out that the cyber attacks launched by North Korea range from exchange attacks, social engineering attempts to phishing attacks and complex supply chain hijacking. In some cases, these attacks can last for as long as a year, and North Korean hackers will patiently wait for the opportunity.
Paradigm wrote that there are at least five North Korean groups behind these attacks: Lazarus Group, Spinout, AppleJeus, Dangerous Password and TraitorTrader. In addition, there is a coalition of North Korean hackers who have infiltrated tech companies around the world posing as IT workers.
The Lazarus Group has been behind some high-profile cyberattacks since 2016. According to Paradigm, the group attacked Sony and Bangladesh Bank in 2016, and helped orchestrate the WannaCry 2.0 ransomware attack in 2017. The group has also targeted the cryptocurrency industry, with the group attacking two crypto exchanges, Youbit and Bithumb, in 2017. In 2022, the Lazarus Group exploited the Ronin Bridge vulnerability, resulting in the loss of millions of dollars in assets. In 2025, the Lazarus Group stole $1.5 billion from Bybit, shocking the entire crypto community. The group may also be involved in some Solana meme coin scams.
