dprk

Lazarus Group is a North Korean state-sponsored advanced persistent threat (APT) actor, also tracked as APT38, TraderTraitor, BlueNorOff, Hidden Cobra, and ZINC, operating under the Reconnaissance General Bureau (RGB) of the Korean People's Army. Active since approximately 2009, the group has stolen an estimated $6.75 billion in cryptocurrency through targeted attacks on exchanges, bridges, and blockchain companies, using stolen funds to finance North Korea's weapons programs and circumvent international sanctions. The U.S. Department of Justice has indicted three named members, and OFAC placed the group on the Specially Designated Nationals (SDN) list in April 2022.

Garden Finance is a cross-chain Bitcoin bridge protocol launched in 2023 by former Ren Protocol developers, using Hash Time Locked Contracts (HTLCs) and an intents-based solver network to enable atomic swaps across Ethereum, Solana, Arbitrum, Base, and other chains. On October 30–31, 2025, one of its largest solver operators was compromised via a leaked private key, resulting in approximately $11.4 million in stolen assets that were subsequently laundered through Tornado Cash. Prior to the exploit, blockchain investigator ZachXBT alleged that over 80% of the protocol's recent fee revenue was derived from laundering funds stolen in the February 2025 Bybit hack, which the Lazarus Group (DPRK) perpetrated for approximately $1.4 billion.

CoinEx is a centralized cryptocurrency exchange that suffered a major hot wallet breach on September 12, 2023, with losses estimated between $54 million and $70 million across multiple blockchains. On-chain investigators ZachXBT and Elliptic attributed the attack to the Lazarus Group (TraderTraitor), a North Korean state-sponsored threat actor, based on wallet address overlap with the contemporaneous Stake.com hack. Stolen proceeds were subsequently laundered in part through the Sinbad Bitcoin mixer, which was sanctioned by the U.S. Treasury's OFAC on November 29, 2023.

CoinsPaid is an Estonia-based cryptocurrency payment processor founded by Max Krupyshev that was targeted in two major security breaches: a $37.3 million hack in July 2023 attributed by the company and the FBI to North Korea's Lazarus Group (achieved via a sophisticated social engineering campaign using fake job offers), and a second breach in January 2024 resulting in approximately $7.5 million in losses. Despite the company's stated transparency and rapid operational recovery, the consecutive incidents raise significant concerns about its security posture and its status as a repeated high-value target for state-sponsored threat actors.