North Korean Hacker Group Lazarus Possesses $40M in Stolen Bitcoin


Written by:

Anisha Pandey

Support writers:   ⚡ Tip the author

Recent data reveals that the infamous North Korean hacking organization Lazarus Group holds a staggering $47 million in various digital assets, the majority of which is in bitcoin.

A report from Dune Analytics in collaboration with analyzed 295 wallets that the FBI and the Office of Foreign Assets Control have linked to the Lazarus Group. It found that the Lazarus-affiliated wallets currently possess around $42.5 million worth of bitcoin, among other digital assets.

However, researchers acknowledged that their report likely underestimates the bitcoin holdings within the group’s possession. stated:

“We should note that this is a lower-bound estimation of Lazarus Group’s holdings based on publicly available information.”

Interestingly, the group’s currently reported digital asset holdings are far lesser than $86 million that they were believed to have on September 6, a few days after the hack. Meanwhile, their wallets are still quite active. Their last logged transaction was observed on September 20.

However, a recent report by Chainalysis claims that hacks by North Korean groups have decreased by 80% from last year. By mid-September, these groups had managed to drain a sum of $340.4 million in digital assets, marking a massive reduction from their record of $1.65 billion in stolen digital assets in 2022.

The FBI believes that the Lazarus Group was involved in some of the major hacks in 2023, including Alphapo, CoinsPaid, and Atomic Wallet hacks. These allegedly added over $200 million to the total of $340.4 million amount.

About Lazarus Group

The Lazarus Group, called a “state-sponsored hacking organization” by the FBI, is a well-known cybercriminal organization, believed to be originating from North Korea. They’re infamous for carrying out big cyberattacks, like the 2014 Sony Pictures hack, the 2016 Bangladesh Bank theft, and the 2017 WannaCry ransomware attack.

A screenshot of Wanacry ransomware message screen. The attack is believed to be linked to Lazarus Group — Wikipedia

They also do cyber spying, mainly targeting governments and banks, and have been involved in several high-profile hacks involving digital assets

Lazarus Group’s actions remain under vigilant observation by cybersecurity experts and law enforcement agencies around the world. Last week, the United States federal authorities issued warnings for potential attacks on the healthcare sector by this group.

Share this post via: is not investment advice.

Opinions expressed are entirely their own and do not necessarily reflect those of

For informational purposes only. Individuals and entities should not construe any information on this site as investment, financial, legal, tax, accounting or other advice. Information provided does not constitute a recommendation or endorsement by to buy or sell bitcoin, cryptocurrencies or other financial instruments. Forecasts are inherently limited and cannot be relied upon. Do your own research and consult a professional advisor. The opinion of authors do not reflect those of