In the wake of the Bibit violation, the infamous cybercrime group Lazaro Group operates under the support of the North Korean province, but accumulates nearly $1 billion in cryptocurrency assets through exploits traced to walls of over 70 flags. This analysis analyzes the labyrinth composition of digital looting in the syndicate.
How Lazarus powered 424,330 ETH under global surveillance
On February 21, 2025, the centralized Crypto Exchange Bybit fell victim to an astounding $1.4 billion cyberhacking, with forensic evidence pointing to the mystical Lazarus group.
According to Arkham, Lazarus Group Wallets is heading $919 million.
Long before this massive exploit, North Korea-related syndicates had already etched their names infamously, systematically extracting hundreds of millions of platforms from cryptographic platforms, including Roninhack, Coinex, DMM Exchange infiltration, and Harmony Horizon Bridge comporomies.
Following the extraction of 499,000 ETH from Bibit, a single platform robbery with incredible proportions – is redistributing 424,330 ETH withheld linked to the case. The Lazarus Group, a digital looter with suspected state ties, currently holds around 236,283 ETH (worth $592.78 million) across its wallet tied to Bibit exploits and previous escapes.
Arkham intelligence visualization of Lazarus Group’s on-chain action.
The trobe has been replenished with $3,391 BTC ($319.29 million), $311 million in BNB and $337,370 in BabyDoge from looting of 218 trillion coins. According to Arkham Intelligence Data, wallets related to Lazarus are involved in Exch.CX, Thorchain, Sky (formerly Makerdao), Uniswap, Cow protocol, Maya protocol and Bridger.
After part-time jobs, these wallets show relentless activity, casually shuffling assets across the platform. Arkham’s indicators confirm that population holdings now cover all previous peaks. The technical accuracy and magnitude of its operations imply resources and orchestration beyond traditional cybercrime, implying the potential for state-based support.
Analysts assume that a dual focus on group interests and geopolitical disruptions could reflect a hybrid framework that flaunts the traditional attributional model of state mandated rather than state mandatory.
Liquidating the $919 million crypto Arsenal raises the Hercules task, given the scrutiny of the forensic blockchain and global enforcement vigilance. Even minor transactions get exposed and flirt with over 70 flagged wallets full of ETH, BTC and AltCoins.
Huge amounts (thousands of ETH and BTC in hundreds of thousands) are complex obfuscation of demand through mixers, distributed exchange (DEX) platforms, or cross-chain bridges. However, these tools now work under microscopes and are becoming less effective as monitoring is enhanced.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
