North Korea’s hacking team, known as the Lazarus Group, has struck again—this time stealing a shocking $3.2 million in digital money. The scam took place on May 16, when a user lost millions of dollars through a carefully planned trap set by these cybercriminals.
The Multi Million Dollar Crypto Trap
Right after the money was stolen, the hackers turned the stolen coins from Solana into Ethereum, another type of cryptocurrency. Then, they used a secretive online tool called Tornado Cash to hide their tracks. Tornado Cash helps people move money around in a way that makes it hard to follow, almost like shaking up a puzzle so no one can tell where each piece came from.
At the time the scam was reported, around $1.25 million of the stolen money was still sitting in a special digital wallet. This wallet held two types of cryptocurrency: DAI and ETH. Investigators are still watching this wallet, hoping it might lead to more clues.
More Attacks Linked to Lazarus Group
This scam isn’t the only one. Just days before it was revealed, another big attack shocked the crypto world. On June 27, investigators discovered that the same lazarus group had carried out a sneaky hack involving digital artwork known as NFTs. These digital collectibles are like virtual trading cards that people buy and sell online.
The hackers targeted NFT projects tied to popular characters and brands. They began this attack on June 18 and were able to sneak into several NFT projects. Once inside, they took control of the digital artwork contracts. That means they could create fake versions of the NFTs and sell them like they were real.
Cyberattack Exposes Melbourne Hospital Patients Data on Dark Web
By doing this, they tricked people into buying fake NFTs. Almost $1 million was stolen by them from one attack alone. The money from these fake sales was then sent through three different digital wallets. This made it harder for anyone to track where the money went.
Later, some of the stolen funds were changed into more stable types of digital currency, called stablecoins. The hackers then moved this money to a well-known trading website called MEXC. This helped them hide the money even better.
Clues Point to North Korean Hackers
As experts dug deeper into the case, they noticed some clear signs linking the crime to North Korea. First, the pattern of the stolen money being moved matched earlier hacks carried out by the Lazarus Group. The way the money was split up, transferred, and turned into other types of digital currency looked very familiar.
Second, some of the online accounts used by the hackers had Korean settings and were active during times that lined up with North Korea’s time zone. This suggested that the people behind the scam were working from that region.
Hackers Steal Digital Gold Worth ₹1.95 Crore on Aditya Birla’s Finserv App
One of the NFT projects even had a top team member who is now believed to be a North Korean tech worker. His online profiles disappeared right after the scam, and no one has been able to confirm if his work history was real. These are common tactics used by cybercriminals to hide their true identity.
What’s more, this isn’t an isolated case. Over the past year, North Korea-linked hackers have stolen nearly $1.6 billion in cryptocurrency. That’s almost 70% of all the crypto thefts reported worldwide in 2025 so far. The Lazarus Group, in particular, has become one of the most dangerous players in the world of cybercrime, especially in the digital money space.