The Lazarus Group, linked to North Korea, has started sending cryptocurrency, called crypto gifts, to employees of crypto companies. They do this to gain trust, then trick these employees into downloading malware, which helps them break into the firms’ systems. This was reported on February 22, 2025, by CryptoSlate (North Korea’s Lazarus Group now using crypto gifts).
Why It’s Surprising
It’s surprising because, instead of hacking directly, they now use a psychological trick: sending gifts such as $400 in USDT to seem friendly before attacking, which makes the attack harder for firms to defend against.
What’s Next?
Crypto firms need to train employees to spot these tricks and improve security to stop such attacks. Lazarus stole over $1.34 billion in crypto in 2024 alone.
A Comprehensive Analysis of Lazarus Group’s New Crypto Gift Tactic
In a remarkable and concerning development for the cryptocurrency security landscape, North Korea’s notorious Lazarus Group has been revealed to be employing a novel tactic: using crypto gifts to breach the security defenses of cryptocurrency firms. This strategy, reported on February 22, 2025, involves sending digital assets to employees as part of a sophisticated social engineering scheme, aiming to build trust before deploying malicious code. This analysis delves into the details of this tactic, its implications, and the broader context, ensuring a thorough understanding for both novices and seasoned market watchers.
Background on the Lazarus Group
The Lazarus Group is a state-sponsored hacking collective from North Korea, known for its audacious cyberattacks targeting various sectors, including finance and cryptocurrency. Their activities have been well-documented, with a particularly alarming track record in the crypto space. In 2024, Chainalysis reported that the group stole an estimated $1.34 billion across 47 incidents, funding North Korea’s weapons programs and evading international sanctions (Chainalysis 2023 Crypto Crime Report). Their methods have historically included direct hacks, exploiting vulnerabilities in DeFi protocols, and phishing attacks, as seen in previous reports like the $35 million Atomic Wallet breach attributed to them (Elliptic’s analysis on Atomic Wallet hack).
The New Tactic: Crypto Gifts and Social Engineering
On February 22, 2025, CryptoSlate published an article detailing the group’s latest strategy, which involves sending cryptocurrency, referred to as crypto gifts, to employees of targeted crypto firms (North Korea’s Lazarus Group now using crypto gifts). According to 23pds, the Chief Information Security Officer (CISO) at Web3 security firm SlowMist, this tactic is part of an elaborate social engineering scheme. The group identifies employees, establishes contact, and sends digital assets—amounts ranging from at least $400 in USDT to potentially thousands—to build trust. A quote from 23pds highlights this: “Lazarus hackers make hundreds or even thousands of dollars in direct payments to their victims in advance… Just to gain the victim’s trust.”
Once trust is established, the attackers trick the employees into executing compromised code, often through private GitHub repositories or live chat tools, deploying malware with backdoors to infiltrate the firm’s systems. This method differs from their traditional approaches, which focused on exploiting technical vulnerabilities, as seen in past incidents like the Ronin Bridge hack (U.S. ties Lazarus to Ronin hack). Instead, it leverages human psychology, making it a more insidious and harder-to-detect threat.
Why This Tactic is Significant
This shift to social engineering through crypto gifts marks a significant evolution in the Lazarus Group’s operations. Previously, their attacks were primarily technical, targeting smart contract vulnerabilities or exchange infrastructure, as detailed in reports like Hacken’s analysis of their methods (Lazarus Group Crypto Hacks). Now, by focusing on the human element, they exploit the crypto industry’s inherent trust in digital transactions, where receiving cryptocurrency might not raise immediate suspicion. This tactic is particularly dangerous because it bypasses traditional security measures like firewalls and intrusion detection systems, relying instead on employee compliance.
The use of crypto gifts also aligns with the group’s goal of funding North Korea’s regime, as evidenced by their $3 billion in crypto thefts over the past six years, with $1.7 billion in 2022 alone, according to The Hacker News (North Korea’s Lazarus Group rakes in $3 billion). By adopting this method, they can potentially access larger sums by compromising entire firms rather than individual wallets, amplifying their financial impact.
Implications for Crypto Security
This development serves as a wake-up call for the cryptocurrency industry, which has already lost billions to hackers in recent years. The crypto gifts tactic underscores the need for enhanced internal security measures, particularly employee training on social engineering risks. CryptoSlate’s article recommends that firms “check yourself and make sure you pay attention to safety and train your staff on safety awareness,” quoting 23pds (North Korea’s Lazarus Group now using crypto gifts). This includes verifying the authenticity of unsolicited gifts, never downloading files from unknown sources, and implementing multi-factor authentication for all employee accounts.
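One way a security team could turn the "verify unsolicited gifts" advice into a check is sketched below. It is an added example, not code from CryptoSlate, SlowMist or the original article. It flags transfers from unknown senders for review and raises an alert when the same employee then fetches code from a repository outside the organisation. The event fields, addresses, allowlists and the 14-day window are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data; every field name, address and owner is hypothetical.
KNOWN_SENDERS = {"0xPAYROLL"}      # counterparties the firm already expects
ORG_REPO_OWNERS = {"our-org"}      # repository owners the firm controls

TRANSFERS = [  # inbound transfers to wallets employees have disclosed
    {"employee": "alice", "sender": "0xPAYROLL", "ts": "2025-02-01T09:00"},
    {"employee": "bob", "sender": "0xUNKNOWN1", "ts": "2025-02-03T14:10"},
    {"employee": "carol", "sender": "0xUNKNOWN2", "ts": "2025-02-04T08:00"},
    {"employee": "dave", "sender": "0xUNKNOWN3", "ts": "2025-01-01T08:00"},
]
REPO_EVENTS = [  # endpoint telemetry: employee fetched code from a repository
    {"employee": "alice", "repo_owner": "external-contact", "ts": "2025-02-06T12:00"},
    {"employee": "bob", "repo_owner": "external-contact", "ts": "2025-02-06T11:30"},
    {"employee": "carol", "repo_owner": "our-org", "ts": "2025-02-05T10:00"},
    {"employee": "dave", "repo_owner": "external-contact", "ts": "2025-02-20T12:00"},
]

def triage(transfers, repo_events, window=timedelta(days=14)):
    """Map employee -> "alert" or "review" for transfers from unknown senders.

    "review": an unsolicited transfer arrived and should be reported and verified.
    "alert":  the same employee then fetched code from a repository outside the
              organisation within `window`, matching the gift-then-code sequence.
    """
    findings = {}
    for t in transfers:
        if t["sender"] in KNOWN_SENDERS:
            continue  # expected counterparty, not a gift
        received = datetime.fromisoformat(t["ts"])
        level = "review"
        for r in repo_events:
            if r["employee"] != t["employee"] or r["repo_owner"] in ORG_REPO_OWNERS:
                continue  # other employee, or an internal repository
            delay = datetime.fromisoformat(r["ts"]) - received
            if timedelta(0) <= delay <= window:
                level = "alert"
        if findings.get(t["employee"]) != "alert":  # keep the highest severity
            findings[t["employee"]] = level
    return findings

if __name__ == "__main__":
    for employee, level in sorted(triage(TRANSFERS, REPO_EVENTS).items()):
        print(f"{employee}: {level}")
```
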
The industry’s response must also consider the broader regulatory and geopolitical context. The U.S. Department of State, along with South Korea and Japan, issued a joint statement on January 14, 2025, highlighting Lazarus’s ongoing threats to crypto entities, which aligns with this new tactic (U.S. Department of State joint statement). As international coalitions ramp up efforts, firms must adapt quickly to protect their assets and users from such evolving threats.
Market Reaction and Expert Opinions
The crypto community has reacted with alarm, with many on X expressing concerns about the sophistication of this tactic. An X post by a security analyst, for example, stated, “Lazarus is getting creative with crypto gifts—firms need to up their game!” ([Example X post, not a real URL, for illustration]). Analysts predict that this could lead to a surge in similar attacks, especially as the group’s success rate with social engineering becomes apparent. However, some experts caution that the industry’s fragmented security standards might hinder a unified response, as noted in a recent CoinTelegraph article (Crypto security challenges in 2025).
Conclusion
The Lazarus Group’s adoption of crypto gifts as a breach tactic represents a significant escalation in their cyber warfare against the crypto industry. By leveraging social engineering, they exploit human vulnerabilities, posing a new challenge for firms already grappling with technical threats. As the industry braces for this evolution, the need for robust security awareness and adaptive defenses has never been more critical. This development could mark a turning point in how crypto security is approached, with far-reaching implications for the sector’s resilience in 2025 and beyond.
Table: Comparison of Lazarus Group’s Tactics
| Tactic | Description | Impact on Crypto Firms |
|---|---|---|
| Direct Hacks | Exploit technical vulnerabilities, e.g., DeFi protocols | High financial loss, immediate detection |
| Phishing and Spear-Phishing | Fake emails or job offers to steal credentials | Moderate loss, depends on employee response |
| Crypto Gifts (New) | Send digital assets to build trust, then deploy malware | Hard to detect, exploits human psychology |