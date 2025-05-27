North Korea’s Lazarus hacking group is suspected of stealing $5.2 million worth of crypto after infecting the victim with malware, according to crypto sleuth ZachXBT.

He shared the wallet addresses related to the theft on Telegram this morning, noting that the suspects, likely to be government-linked, are now moving 1,000 ether (ETH) worth $2.6 million via crypto mixer Tornado Cash in an attempt to launder the proceeds.

The three addresses linked to the May 24 hack are:

0x9d42a049f88f1db4b304441081aff7c40d857bea

0x4be5023ad49573a544a9a4109e4f1880a32fe5c3

0x31088345396d0cf00a81a3e3b8e8c5bb8ec768a3

Read more: FBI confirms North Korean ‘TraderTraitor’ to blame for $1.5 billion Bybit hack

In addition to Tornado Cash, a report from blockchain analyst TRM Labs highlights North Korea’s reliance on Chinese over-the-counter brokers to launder stolen funds. It details how North Korea provides the cybercriminals, while China and Russian criminal networks provide the infrastructure to move stolen crypto.

Lazarus is suspected of funding the North Korean government through various cybercrimes and is believed to have hacked the crypto exchange Bybit for $1.5 billion.

Remote job applications have also been targeted by North Korean state actors who attempt to infiltrate companies with stolen identities and direct funds to the state.

All this to fund a state heavily impacted by sanctions. The hermit kingdom might have needed another cash injection, as days before the hack, its newly built 5,000-ton warship capsized after a disastrous sideways launch.

These destroyers aren’t cheap, with some South Korean warships costing almost $1 billion to build.

Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.

