🌍 World πŸ’° Crypto

North Korea: $577 Million Stolen in Crypto β€” Lazarus Group Behind 76% of 2026 Hacks

πŸ“… 4 May 2026 ⏱️ 5 min de lecture πŸ“Š Source: TRM Labs, BeinCrypto
In just four months, North Korean hackers stole $577 million in cryptocurrency β€” 76% of all crypto thefts this year. Two surgical attacks, prepared over months, brought the largest decentralised finance platforms to their knees. And behind it all: the Lazarus, Kim Jong-un's cyberwarfare unit.
577M$
Stolen in April 2026 across 2 attacks
76%
Of all 2026 crypto thefts
6,75Md$
Stolen since 2017 by Lazarus

πŸ‡°πŸ‡΅ Who is the Lazarus Group?

Lazarus is not an ordinary hacker group. It's a unit of the North Korean intelligence agency β€” the Reconnaissance General Bureau. Members are recruited as teenagers into military schools, trained for years, and directly funded by the North Korean state.

They speak English, Japanese, Korean. They master blockchain protocols the way others master weapons. And above all β€” they have a very specific reason for stealing crypto: fund the nuclear programme strangled by international sanctions.

⚠️ Why North Korea targets crypto
  • North Korea has almost nothing left to export β€” everything is sanctioned
  • Crypto provides immediate liquid cash without needing a bank
  • Blockchain transactions are traceable but funds are hard to freeze
  • According to the UN, these thefts directly fund Pyongyang's ballistic missiles

πŸ“… The two attacks of April 2026

  • April 1, 2026
    Drift Protocol β€” $285 million The result of a 6-month infiltration. North Korean hackers created fake developer identities, obtained positions in partner teams, and waited for the right moment to strike. A spy movie operation.
  • April 18, 2026
    KelpDAO / LayerZero β€” $292 million Hackers sent a fake official message mimicking the protocol to drain the vault. The platform used a single validator β€” a fatal mistake. $71 million was frozen by Arbitrum, but $175 million was already converted to Bitcoin via mixers.
  • April 30, 2026
    Carrot Protocol β€” shut down A collateral victim of the Drift hack, Solana's Carrot platform announced permanent closure, describing the consequences as "catastrophic".

πŸ“ˆ A terrifying progression

The rise of the Lazarus Group is staggering:

  • 2020-2021: less than 10% des vols crypto mondiaux
  • 2022 : 22%
  • 2023 : 37%
  • 2024 : 39%
  • 2025 : 64% β€” 2 milliards de dollars dont 1,5Md$ volΓ©s Γ  Bybit seul
  • 2026 : 76% β€” record historique

πŸ€” But what does this mean for you?

Don't have any crypto? Think you're not affected? Here's why you are:

🚨 Techniques used against everyday people
  • Fake CVs and fake LinkedIn profiles β€” North Koreans pose as freelance developers to infiltrate companies
  • Advanced social engineering β€” they build fake relationships for months before striking
  • Highly targeted phishing β€” AI-personalised emails indistinguishable from the real thing
  • Fake crypto job offers β€” a too-good-to-be-true offer that installs malware
πŸ’‘ Key takeaways
  • Crypto platforms are not safe β€” even the biggest can be emptied
  • If you have crypto, don't leave it on a platform β€” use a hardware wallet
  • Be wary of unexpected crypto job or partnership offers
  • VPNs and antivirus aren't enough against social engineering β€” human vigilance is essential

Received a suspicious crypto offer?

Describe the situation to CyberGuard β€” it'll tell you in seconds if it's a scam.

πŸ€– Analyse with CyberGuard β†’
πŸ“– Complete guide β€” Protect Your Family Online
30 pages Β· Scams, phishing, passwords Β· Instant download
Buy $6.90 β†’
πŸ“– Related articles