The Hackers Funding a Country

Most cybercrime is scattered and opportunistic. Lazarus Group is not. It is a group tied to the North Korean state, and for more than a decade its role has been to generate revenue for a country largely cut off from the global financial system.

They were not always focused on crypto. They are linked to the 2014 Sony Pictures breach, the Bangladesh Bank heist in 2016, and the WannaCry ransomware in 2017. Over time, the focus shifted. Crypto is easier to move across borders, does not require identity, and can be routed through multiple layers before it is tracked.

Recent incidents reflect that shift. Reports connect them to attacks on Drift Protocol and KelpDAO in April, with combined losses in the hundreds of millions.

What stands out is that the entry point is not always purely technical. In some cases it starts with access. Conversations, job offers, small tasks. In others, the exploit is deeper in the infrastructure. Increasingly, it is a combination of both.

In the end it’s always the same pattern. Money is taken, routed, and disappears somewhere you can’t really follow.

It’s just happening more often now. Better tools, more patience, and no clear line anymore between social engineering and technical exploits.