Lazarus Group Nets $2.51M from WBTC Sale Amidst Sophisticated Crypto Laundering Operations

The Lazarus Group, a notorious North Korean hacking entity, has once again made headlines by turning a hefty profit of $2.51 million from selling 40.78 Wrapped Bitcoin (WBTC). Wrapped Bitcoin, or WBTC, is a tokenized version of Bitcoin that operates on the Ethereum blockchain, allowing for more flexible use within the Ethereum ecosystem. This move is just a small part of their broader, sophisticated operations in the crypto world, which include laundering funds from high-profile hacks and infiltrating tech firms across Europe.

• Lazarus Group profits $2.51M from WBTC sale
• Group launders funds from Bybit hack
• North Korean IT workers target European tech and crypto firms

In February 2023, the Lazarus Group purchased 40.78 WBTC for approximately 999,900 USDT at an average price of $24,521 per WBTC. Fast forward to today, and they’ve sold those same tokens for $3.51 million, receiving 1,847 Ethereum in return. This sale netted them a 251% profit, showcasing their knack for timing the market. Meanwhile, the current trading price of WBTC stands at $83,459, marking a 240% increase from two years ago. You might be wondering how they managed to pull this off? Well, it’s simple: buy low, sell high, and do it with stolen funds.

After the sale, the Lazarus Group didn’t sit on their hands. They swiftly distributed the Ethereum proceeds into three separate wallets, with amounts of 205 ETH, 500 ETH, and 1,865 ETH. This move is typical of their laundering tactics, spreading the funds to make them harder to trace. It’s like splitting your cash into different envelopes to avoid detection at the bank.

Their activities don’t stop at selling WBTC. The Lazarus Group has been busy laundering funds from the Bybit hack, moving nearly 500,000 ETH, equivalent to $1.39 billion, in just 10 days. The Bybit hack, which occurred on February 21, 2025, was a significant blow to the crypto community, highlighting the vulnerabilities in centralized exchanges. They’ve utilized platforms like THORChain to process a staggering $605 million of these funds in a single day. THORChain is a decentralized liquidity network that facilitates cross-chain transactions, making it an attractive tool for laundering due to its ability to move funds across different blockchains quickly and anonymously. It’s clear that these hackers are not just playing around; they’re running a well-oiled machine.

But it’s not just about the money. A Lazarus Group-linked wallet currently holds around $1.1 billion in crypto, primarily in Bitcoin, Ethereum, and Tether. This stash is a testament to their ongoing success in the shadowy world of crypto theft and laundering.

Adding another layer to their operations, North Korean IT workers are ramping up efforts to infiltrate tech and crypto companies in Europe. These workers act as entry points for groups like Lazarus, posing a significant threat to the security of these firms. The Google Threat Intelligence Group has noted this increased activity, highlighting the strategic approach of North Korea in gaining access to sensitive information and systems. It’s like sending spies into enemy territory to gather intel and open backdoors.

While the Lazarus Group’s activities are impressive in their scale and sophistication, they also underscore the ongoing challenges faced by the crypto industry in combating state-sponsored cybercrime. The decentralized nature of cryptocurrencies, while a boon for privacy and freedom, also makes it a fertile ground for such nefarious activities. However, the crypto community is not sitting idly by. Efforts are being made to enhance security measures, develop better tracking tools, and push for regulatory frameworks that can help combat these threats without compromising the principles of decentralization and privacy.

As we navigate this complex landscape, it’s crucial to remain vigilant and informed. The Lazarus Group’s operations are a stark reminder of the dark side of crypto, but they also highlight the resilience and adaptability of the blockchain community in the face of such threats. We must continue to champion decentralization, freedom, and privacy while also working to disrupt the status quo and accelerate the adoption of effective security measures.

Key Takeaways and Questions

• What was the profit made by the Lazarus Group from selling WBTC?

  The Lazarus Group made a profit of $2.51 million from selling 40.78 WBTC.

• How did the Lazarus Group distribute the proceeds from the WBTC sale?

  The group distributed the Ethereum proceeds into three separate wallets, with amounts of 205 ETH, 500 ETH, and 1,865 ETH.

• What is the current trading price of WBTC?

  The current trading price of WBTC is $83,459.

• How much did the Lazarus Group launder from the Bybit hack?

  The group laundered nearly 500,000 ETH, equivalent to $1.39 billion, from the Bybit hack in just 10 days.

• What platform was used to process a significant portion of the Bybit hack funds?

  THORChain was used to process at least $605 million of the Bybit hack funds in a single day.

• What is the total value of crypto holdings in a Lazarus Group-linked wallet?

  A Lazarus Group-linked wallet holds around $1.1 billion in crypto, primarily in Bitcoin, Ethereum, and Tether.

• What are North Korean IT workers doing in Europe?

  North Korean IT workers are increasing efforts to infiltrate tech and crypto companies in Europe, acting as entry points for state-sponsored hacking groups like the Lazarus Group.

• What measures are being taken to combat such activities?

  The crypto community is enhancing security measures, developing better tracking tools, and pushing for regulatory frameworks to combat state-sponsored cybercrime while maintaining the principles of decentralization and privacy.