North Korea is practically swimming in Bitcoins right now. In what may seem to be a shocker, observers believe that the country holds the world’s third-largest reserve of government-held bitcoins.
All thanks to the $1.5 billion crypto heist carried out by their state-backed crypto hackers, of course. In fact, as per a report by the South China Morning Post published on 18 March 2025, North Korea is holding on to so much Bitcoin, that only the US (198,109 coins) and the UK (61,245 coins) seem to have more.
The North Korean government currently owns a whopping 13,562 Bitcoins. Based on an analysis done by the crypto security firm Arkham Intelligence, the value of North Korea’s Bitcoin holdings is around $1.14 billion.
North Korea is now the 3rd largest #Bitcoin holder
Just behind US ( 198,109 BTC / $16.6B ) and UK ( 61,245 BTC / $5.1B )
Funny thing is they built this position without any cost
13,562 BTC from the Bybit hack pic.twitter.com/BACIT7CrVK
— Budhil Vyas (@BudhilVyas) March 18, 2025
Authorities believe that North Korea uses their state-backed crypto hackers to serve as an alternative revenue stream, circumventing the stringent economic sanctions imposed on them by the international community.
Last year, North Korea’s Lazarus Group carried out some of the largest crypto heists, which account for approximately 61% of all cryptocurrencies stolen in 2024.
Explore: Best New Cryptocurrencies to Invest in 2025
The Lazarus Group Modus Operandi and Notable Crypto Heists
The Lazarus Group seems to be the linchpin of North Korea’s crypto heist endeavours. The group was organized around 2007 and is believed to have ties with the North Korean government.
They have been implicated in several high-profile cyberattacks, attacking financial institutions and crypto exchanges as such. In February 2025, the Lazarus Group executed one of the biggest crypto heists, targeting the Dubai-based trading platform, Bybit.
The group stole tokens worth $1.5 billion, largely Ethereum, and later converted them into Bitcoins. Through a statement on social media, Bybit said, “Unfortunately, this transaction was manipulated through a sophisticated attack. As a result, the attacker was able to gain control of the affected [Ethereum] cold wallet and transfer its holdings to an unidentified address.”
Bybit initiated a bounty program post-heist to recover stolen tokens, offering a 10% reward for any retrieval. However, as of March 10, 2025, the authorities have recovered tokens worth only $40 million.
On 18 July 2024, the group targeted the India-based crypto exchange, WazirX, siphoning off $234.9 million. The hackers drained the company’s crypto assets by directing them towards addresses under their control, abruptly cutting off WazirX’s operations.
In 2022, the FBI also implicated the group in targeting the Ronin Network, a blockchain platform associated with the online game Axie Infinity. In this case, the Lazarus Group made off with $620 million.
The group employs several techniques, including spear phishing campaigns, malware distribution, and exploiting software vulnerabilities. Their methods often involve the creation of fake personas and advanced laundering methods to convert stolen crypto to fiat currency.
Crypto Companies Scramble To Plug In Gaps In Their Systems
With global crypto heists seemingly turned up to ten, companies are rallying up their defences and taking a proactive approach to prevent a Bybit repeat.
On March 17, 2025, the Seychelles-based crypto exchange firm OKX, in a press release, confirmed the suspension of its decentralized finance (DeFi) services in an effort to proactively take action against a coordinated effort by the Lazarus group to misuse said service.
Aspects of OKX’s DeFi services have raised concerns from the European authorities as well. The company is currently under investigation in the EU for allegedly laundering $100 million from the Bybit hack and could potentially lose its Markets in Crypto-Assets Regulation (MiCA) license.
OKX has however revealed that it is working closely with several experts to plug in the gaps in its systems. The company has recently rolled out a hacker address detection system for its Web3 DEX aggregator and plans to introduce a system to track the hacker’s recent address to lock them out of its CEX system in real time.
Crypto entities are implementing safety protocols such as multi-party approval systems, and two-factor authentication to bolster their cybersecurity protocols. Furthermore, there is also an industry-wide shift in adapting advanced predictive technologies that enable real-time detection of potential risks and threats.
Explore: 9+ Best High-Risk, High–Reward Crypto to Buy in March 2025
Key Takeaways
- North Korea amasses Bitcoin to bypass sanctions via cyber heists to become the third largest Bitcoin holder after the US and the UK.
- The Lazarus Group accounts for approximately 61% of all cryptocurrencies stolen in 2024.
- The Lazarus Group has recently begun using generative artificial intelligence tools to enhance their attacks.
The post North Korea Becomes Third Largest Bitcoin Holder Through State Sponsored Crypto Heists appeared first on 99Bitcoins.
