🇰🇵
Critical Risk

Democratic People's Republic of Korea

State-sponsored cryptocurrency theft operations primarily conducted by the Lazarus Group, responsible for over $3 billion in stolen cryptocurrency since 2017.

Active Wallets: 47
Total Stolen: $3.00B
Threat Actors: 4
Active Alerts: 12

Executive Summary

North Korea has emerged as the most prolific nation-state actor in cryptocurrency theft, with DPRK-linked hackers stealing over $3 billion in cryptocurrency since 2017. These operations are primarily attributed to the Lazarus Group, a state-sponsored hacking collective that operates under the Reconnaissance General Bureau (RGB), North Korea's primary intelligence agency.

Key attack vectors include:

  • Cross-chain bridge exploits (Ronin, Harmony, Horizon)
  • Social engineering targeting crypto employees
  • Supply chain attacks on Web3 projects
  • DeFi protocol exploits and flash loan attacks

The stolen funds are laundered through complex chain-hopping operations using Tornado Cash, Sinbad, and other mixing services before being converted to fiat currency to fund North Korea's nuclear and ballistic missile programs.

Threat Actors

Lazarus Group

HIGH CONFIDENCE

Also known as: HIDDEN COBRA, Guardians of Peace, APT38, BlueNoroff, Stardust Chollima

Estimated Volume: $3.00B

Primary North Korean state-sponsored hacking group responsible for cryptocurrency heists exceeding $3 billion since 2017.

First Observed: 2009
Active Wallets: 47
Last Activity: 2024-02-20

Tactics: Exchange hacks, DeFi exploits, Social engineering, Malware deployment, Chain hopping

Primary Targets (4 categories): Cryptocurrency exchanges, DeFi protocols, Blockchain bridges, Financial institutions

APT38

HIGH CONFIDENCE

Also known as: BlueNoroff, Stardust Chollima

Estimated Volume: $1.10B

Financially motivated threat actor, subset of Lazarus, focused on cryptocurrency and banking theft.

First Observed: 2014
Active Wallets: 23
Last Activity: 2024-02-18

Tactics: SWIFT fraud, Cryptocurrency theft, Watering hole attacks

Primary Targets (3 categories): Banks, Cryptocurrency exchanges, FinTech companies

OFAC Designated Wallets

2 addresses tracked

| Address | Chain | Entity | Received | Txns | Risk |
|---|---|---|---|---|---|
| 0x098B71...3E2f96 | ethereum | Lazarus Group - Ronin Bridge Hack (Designated: 2022-04-14) | $620.00M | 156 | 100 |
| 0x4F47Bc...3a6e0C | ethereum | Lazarus Group - Harmony Bridge (Designated: 2023-04-24) | $100.00M | 89 | 100 |

These addresses are officially designated by the U.S. Treasury's Office of Foreign Assets Control (OFAC). Transactions with these addresses may violate U.S. sanctions laws.

Major Incidents

💰

Ronin Bridge Hack

$620M

March 2022

Lazarus Group compromised 5 of 9 validator keys on the Ronin Network, enabling the largest DeFi hack in history. Funds were stolen from Axie Infinity's bridge.

🌉

Harmony Horizon Bridge

$100M

June 2022

Attackers exploited a multisig wallet requiring only 2 of 5 signatures. They compromised the private keys through targeted social engineering.

⚡

Atomic Wallet Exploit

$100M+

June 2023

Attackers compromised Atomic Wallet software, affecting thousands of users. Funds were quickly laundered through the Sinbad mixer and cross-chain swaps.

Integrate DPRK Threat Data

Access North Korea threat intelligence via our free API

API Request
curl -X GET "https://api.nsctip.com/v1/nations/north-korea" \
  -H "X-API-Key: YOUR_API_KEY"