DPRK

2018-01-01

Lazarus Group designated on OFAC Specially Designated Nationals List under North Korea Sanctions Regulations

2022-03-23

Ronin Network (Axie Infinity) bridge hacked; 173,600 ETH and 25.5M USDC stolen (~$625M). Attack later attributed to Lazarus Group by U.S. Treasury

2022-04-14

U.S. Treasury (OFAC) sanctions Lazarus Group Ethereum wallet linked to Ronin Bridge hack; FBI and OFAC jointly attribute attack to DPRK

2022-04-22

CISA, FBI, and U.S. Treasury issue joint advisory AA22-108A on TraderTraitor, warning blockchain companies of DPRK targeting

2022-05-06

OFAC issues first-ever sanctions on a virtual currency mixer — Blender.io — for processing over $20.5M in Ronin hack proceeds

2022-06-24

Harmony Horizon Bridge hacked; $100M in crypto assets stolen. FBI later confirms Lazarus Group responsible

2023-01-13

North Korean actors use RAILGUN protocol to launder over $60M in ETH from Harmony Horizon Bridge hack; funds also routed through Tornado Cash

2023-06-01

Atomic Wallet breached; over $100M stolen from users. Blockchain analytics firms attribute attack to Lazarus Group

2023-11-01

OFAC sanctions Sinbad.io virtual currency mixer for laundering Lazarus Group funds from Ronin Bridge and Horizon Bridge heists

2024-05-31

DMM Bitcoin (Japan) loses $308M in Bitcoin via supply-chain attack traced to TraderTraitor operative posing as recruiter to compromise Ginco developer. FBI and Japan NPA jointly attribute the attack

2024-07-18

WazirX (India) loses $234.9M; Lazarus Group manipulates multisig smart contract during signing session. ZachXBT traces test transactions to July 10 and notes Tornado Cash funding of attacker addresses

2025-01-14

United States, Japan, and South Korea issue first-ever trilateral joint statement on DPRK cryptocurrency theft, citing over $659M stolen in 2024

2025-02-21

Bybit exchange hacked; ~499,000 ETH (~$1.5B) stolen via Safe wallet supply-chain attack. TraderTraitor actors inject malicious code targeting Bybit-specific transactions

2025-02-26

FBI issues IC3 PSA250226 attributing Bybit hack to North Korean TraderTraitor; releases 51 Ethereum addresses used in laundering. ZachXBT independently identifies Lazarus Group via wallet linkage and receives $50K Arkham bounty

2025-03-05

Lazarus Group alleged to have laundered 83% of stolen Bybit ETH (~$1B) through THORChain, converting to Bitcoin distributed across 6,954 wallets; THORChain earns ~$5.5M in fees. Several THORChain developers resign after community votes against blocking laundering

2025-12-01

North Korea-linked hackers confirmed to have stolen over $2.02 billion in 2025 — a 51% year-over-year increase — representing the worst annual total on record

2026-03-12

OFAC sanctions six individuals and two entities for DPRK IT worker fraud schemes; designates 21 cryptocurrency addresses across multiple blockchains

2026-04-01

Drift Protocol compromised in elaborate social engineering operation; North Korean proxies met Drift employees in person at conferences and made deposits over $1M to appear as legitimate partners before exploiting the protocol for $285M