In 2025, cryptocurrency theft evolved from simple rug pulls and opportunistic fraud to sophisticated nation-state-sponsored operations targeting major exchanges and critical infrastructure. Over $2.17 billion was stolen in the first half of 2025, and that figure continues to rise month after month.
In September alone, 20 crypto-related attacks brought reported losses to $127 million, highlighting the rising threat. Below are three well-known hackers involved in major crypto attacks:
1. Lazarus Group
The Lazarus Group is a notorious, long-running, North Korea-backed hacking organization. Also known by aliases such as APT38, Labyrinth Chollima, and Hidden Cobra, the group consistently demonstrates the ability to bypass even the most advanced security systems.
According to Hacken, the group's operations date back to at least 2007, beginning with an intrusion into South Korean government systems. Other notable attacks include the 2014 Sony Pictures hack (retaliation for the film “The Interview”), the 2017 WannaCry ransomware outbreak, and an ongoing campaign targeting the South Korean economic sector.
In recent years, Lazarus has focused on cryptocurrency theft, stealing more than $5 billion between 2021 and 2025. The most significant incident was the Bybit hack in February 2025, when the group stole $1.5 billion of Ethereum (ETH). Other operations included the theft of $3.2 million in Solana (SOL) in May 2025.
“DPRK’s Bybit hack has fundamentally changed the 2025 threat landscape. At $1.5 billion, this single incident represents the biggest crypto theft in history, and accounts for around 69% of all funds stolen from this year’s services.”
2. Gonjeshke Darande
Gonjeshke Darande (Predatory Sparrow) is a politically motivated cyberattack group that is widely believed to have ties to Israel. Amid the escalation of the Israeli-Iranian conflict, the group exploited Nobitex, Iran’s biggest crypto exchange, and stole around $90 million before burning the funds.
Gonjeshke Darande also released the source code for Nobitex, exposing the exchange’s own systems and dealing a major blow to its credibility with users and partners.
“Twelve hours ago, eight burn addresses burned $90 million from the purse of the administration’s favorite sanctions violation tool, Nobitex,” the group posted in June.
Other attacks from the group also focus on Iran’s infrastructure, banks and more.
- In July 2021, Gonjeshke Darande disrupted the Iranian railway system, causing massive delays, and posted a mocking message on public boards.
- In October 2022, the group attacked three major steel factories, releasing footage of a fire that caused serious physical and economic damage.
- In May 2025, they breached Bank Sepah, the Iranian state-owned bank, leaking sensitive data and disrupting financial operations.
There are many weapons in the control of the octopus that controls Iran – they are being cut off one by one
This week, Gonjeshke Darande targeted the IRGC’s financial lifeline: arteries that feed fear and destruction.
These infrastructures were not operated for the benefit of the citizens.
They are… pic.twitter.com/5aein0esgl
- Gonjeshke Darande (@gonjeshkedarand), June 20, 2025
3. UNC4899
UNC4899 is another crypto hacking unit sponsored by the North Korean state. According to Google Cloud’s Threat Horizons report, the group operates under North Korea’s main intelligence agency, the Reconnaissance General Bureau (RGB).
The report revealed that the group has been active since at least 2020. UNC4899 focuses its efforts on the cryptocurrency and blockchain sector and demonstrates advanced capabilities in carrying out supply chain compromises.
“A notable example is the suspected exploitation of JumpCloud, which underscores the cascade risks that such sophisticated adversaries pose at the expense of downstream customers within the verticals of cryptocurrency,” the report states.
Between 2024 and 2025, the group conducted two major crypto heists. In one case, they approached victims on Telegram, deployed malware through Docker containers, bypassed MFA on Google Cloud, and stole millions in cryptocurrency.
In another case, they approached the target via LinkedIn, stole AWS session cookies to bypass security controls, injected malicious JavaScript into the cloud service, and once again siphoned off millions in digital assets.
Thus, this year, crypto theft has become as much a tool of geopolitical conflict as of financial crime. Billions have been lost this year, and the strategic motivations behind many attacks mean that exchanges, infrastructure providers, and even governments have to treat crypto security as a national security issue. Without coordinated defense, shared intelligence, and stronger protections across ecosystems, losses will continue to escalate.
The post Crypto’s Most Wanted: Three Hackers Driving the Wave of Digital Crime first appeared on BeInCrypto.