In the latest twist in the protracted saga of cybersecurity threats to the cryptocurrency space, North Korean hackers have made some of their most impressive gains yet in amassing an enormous store of Bitcoin . Following the recent Bybit attack, a notorious group of cybercriminals related to North Korea known as the Lazarus Group has successfully converted their stolen Ethereum into Bitcoin, now controlling a breathtaking 13,562 BTC. This stash of Bitcoin is currently worth roughly $1.14 billion, ensuring that North Korea is one of the biggest, if not the biggest, state-sponsored holders of Bitcoin anywhere in the world. After the Bybit attack, the North Korean hacker group has converted ETH into BTC and now owns 13,562 BTC, worth about $1.14 billion. North Korea's Bitcoin holdings have surpassed El Salvador (6,117 BTC) and Bhutan (10,635 BTC), becoming the third largest government entity in the… — Wu Blockchain (@WuBlockchain) March 16, 2025 North Korea’s Rise as a Bitcoin Giant The Lazarus Group, an entity closely tied to the North Korean regime, has long been associated with many notorious cyber crimes targeting worldwide cryptocurrency exchanges and organizations. Most recently, the group turned its focus on these cyber targets into making Bitcoin for themselves, converting Ethereum into Bitcoin and in the process further beefing up their already substantial Bitcoin holdings. Because of this latest operation, North Korea now holds 13,562 BTC and has surpassed both El Salvador and Bhutan in terms of the largest government Bitcoin holders, right behind the United States and the United Kingdom. To put this in perspective, the global leader is the United States with 198,109 BTC, while the United Kingdom comes in second with 61,245 BTC. El Salvador, which holds 6,117 BTC, and Bhutan, which holds 10,635 BTC, are way behind North Korea now. Looking at all these numbers, you can’t help but marvel at how North Korea has parlayed its cyber capabilities into a leading position in the world of crypto. In recent years, the Lazarus Group has carried out numerous attacks on cryptocurrency exchanges. Many of these operations, including the assault on the Coincheck exchange in Tokyo in January 2018, are believed to be state-sponsored. The group has a long and well-established track record of infiltrating platforms; stealing large and significant sums of digital fortune; and laundering it, and them, across various aliases, platforms, and wallets. The D.F.I.R. Lab from Cyber Kismet has directly implicated North Korean intelligence services in these activities. The international community is becoming ever more concerned over the role that cryptocurrencies might be playing in helping rogue states like North Korea evade worldwide financial regulations. North Korea’s impressive Bitcoin haul only intensifies that concern. It was already apparent that the hermit kingdom was actively engaging in the crypto space, trying to mine and steal as many coins as it could. But this week’s news suggests that North Korea might now have an unrealized BTC convertible wealth of more than $5 billion—largely untouched thanks to crypto’s untraceable private wallet feature. OKX Takes Action to Combat Lazarus Group’s Exploits OKX, which ranks among the world’s largest cryptocurrency exchanges, is now taking actions to protect its users. The company has announced a suspension of services for its DEX aggregator, in the wake of what appears to be a freshly uncovered plot by the North Korean hackers of the Lazarus Group to target DeFi platforms. NOW: OKX announced pausing its DEX aggregator temporarily after detecting a coordinated effort by Lazarus group to misuse its DeFi services. pic.twitter.com/u7hGG4rfAD — Cointelegraph (@Cointelegraph) March 17, 2025 It is suspected that the ill-begotten funds arising from the hacks of the past several months, including the $100 million cash haul from the Harmony Layer incident last June, are being funneled through DeFi platforms. The growing need for cryptocurrencies to be so well protected that they can be considered bulletproof is underscored by the world of DeFi, in which a virtual goldmine of unregulated services is ripe for the taking by anybody with the will—and the way—to do so. A group of hackers we know well indeed has by now not only used protection afforded by DeFi to go after centralized and heavily protected crypto outfits like CoinEx; they’ve also—in pursuing that double-take operation—gone after the very regulators and virtual police whose job is to keep the crypto world safe. Decentralized finance, or DeFi, has become a key target for hackers. DeFi platforms, which are built to be decentralized and operate without central authority, are not yet sufficiently secured. And the reason for that is the same reason that a relatively wide range of DeFi platforms have become unsecured: They are underregulated and, in some cases, completely unregulated, with the way that financial authorities interact with platforms built on blockchain technology often resembling the way that financial authorities used to interact with platforms that operated in the Internet wild west of the late 1990s. The issue of hackers targeting DeFi platforms has raised some pretty big alarm bells. The Growing Threat of State-Sponsored Cybercrime The Lazarus Group is continuing to grow its cryptocurrency portfolio, and this is making something very clear: State-sponsored cybercriminals are a significant and possibly growing risk to the global crypto market’s stability and security. Doing what it evidently does best, the group has sent out a number of alarming signals lately that all is not well in the rapidly evolving cryptocurrency ecosystem. Exchanges for cryptocurrency, DeFi platforms, and regulatory bodies need to beef up their security infrastructure to push back against this ever-expanding threat. These actions must be taken both because of and in light of the fact that North Korea’s Bitcoin hoard now rivals and likely surpasses the holdings of several nation-states. Furthermore, as the actions of the Lazarus Group remind us, there’s really no way to secure the future of digital finance when potential avenues for further illicit activity in the crypto space remain open and largely unregulated. Bybit attack’s events and OKX’s response to it are a reminder of the importance of keeping a strengthened vigilance in the crypto industry. With attacks becoming an almost daily occurrence in this space, we have to face the fact that cybercrime is a growth industry. And it’s one that increasingly looks to exploit not just the crypto world but also the real currencies that increasingly are being used to fund the cybercriminals’ operations. Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services. Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news !
