Lazarus Group (APT38)
Web3 / compliance
The Lazarus Group (also designated APT38, Sapphire Sleet) is the overarching umbrella term for North Korea's most elite cyber operators, operating under the direct control of the Reconnaissance General Bureau (RGB), North Korea's primary intelligence agency. Lazarus has a dual mandate: conduct espionage and disrupt adversaries, while also generating hard-currency revenue to fund the regime's nuclear weapons and ballistic missile programmes in defiance of international sanctions.

Early operations established Lazarus's reputation through catastrophic attacks including the 2014 Sony Pictures hack, the 2016 SWIFT banking heist (nearly $1 billion stolen), and the 2017 WannaCry ransomware outbreak affecting 150+ countries.

By 2025–2026, Lazarus has heavily pivoted toward the cryptocurrency and Web3 ecosystem as the primary revenue theatre. Operations are characterised by sophisticated supply-chain poisoning, exploitation of cross-chain bridge vulnerabilities, and weaponised social engineering ('Code to Custody'). The group is responsible for the $625 million Ronin bridge hack (March 2022), the $100 million Harmony bridge theft (2021), and, most consequentially, the $1.5 billion Bybit exchange heist in early 2025, the largest cryptocurrency theft in history.

The broader Lazarus ecosystem includes specialised sub-groups: BlueNoroff (financial heists and crypto theft) and Andariel (espionage and South Korea-focused disruption).

Why it matters for compliance: Lazarus represents an existential threat to crypto platforms. The group operates with state resources, long-term patience, and no legal accountability. Effective defence requires multi-signature security architectures, supply-chain integrity controls, counter-intelligence awareness training for developers and HR teams, and real-time threat-intelligence integration capable of detecting the group's lateral movement before hot wallet access is achieved.