North Korea’s infamous Lazarus Group has reportedly pocketed a $2.51 million profit after selling 40.78 Wrapped Bitcoin (WBTC) that it acquired two years ago, according to data from on-chain analytics firm Spot On Chain.
The wallet, allegedly linked to Lazarus, sold 40.778 WBTC for 1,847 Ethereum (ETH), valued at approximately $3.51 million, marking a 251% gain since its original purchase in February 2023. At that time, the group had spent 999,900 USDT to buy WBTC at an average price of $24,521 per token.
“They sold 40.78 $WBTC ($3.51M) for a $2.51M profit—after buying it 2 years ago,” Spot On Chain stated in a post on X, attaching links to the transaction data.
Following the sale, the wallet split 2,507 ETH into three separate transactions:
- 205 ETH
- 500 ETH
- 1,865 ETH — transferred to another wallet reportedly tied to the group.
A Growing Pattern of On-Chain Obfuscation
The Lazarus Group has become notorious for its elaborate fund-laundering tactics, which often include swapping tokens and distributing funds across multiple wallets. Their activities have intensified scrutiny from blockchain monitoring platforms and cybersecurity agencies worldwide.
In March, the group made headlines again for reportedly laundering nearly 500,000 ETH — worth $1.39 billion — within 10 days of the Bybit exchange hack. On one day alone, $605 million was processed through THORChain, a decentralized cross-chain liquidity protocol.
Wallet Holds Over $1.1 Billion in Crypto
According to Arkham Intelligence, a wallet linked to Lazarus currently holds approximately $1.1 billion in crypto assets. These include major allocations in Bitcoin (BTC), Ethereum (ETH), and Tether (USDT) — a sign of the group’s continued reliance on large-cap cryptocurrencies for operational liquidity.
Broader Threat from North Korean Cyber Tactics
The Google Threat Intelligence Group recently warned of increased efforts by North Korean IT workers to infiltrate tech and crypto firms across Europe, often acting as internal access points for state-sponsored cyberattacks. These workers, often posing as freelance developers or engineers, are believed to play a crucial role in enabling hacks like those attributed to Lazarus.
With a history of targeting crypto platforms for geopolitical funding, the Lazarus Group continues to be one of the most well-resourced and evasive hacking collectives linked to a national government. Their recent WBTC sale adds yet another example of how illicitly obtained assets are actively being moved and monetized in the open.
As international regulators and blockchain surveillance firms increase scrutiny, Lazarus’ activities serve as a stark reminder of the challenges in securing digital assets against state-sponsored threats in the decentralized world.
