Crypto’s Most Wanted: 3 Hackers Driving the Digital Crime Wave

By early 2025, cryptocurrency theft was no longer a matter of quick cash grabs or trivial scams. What was once the domain of street-level criminals has become a high-stakes game for nation-state-backed cybercriminals who target major exchanges and essential infrastructure. The numbers speak for themselves: $2.17 billion was stolen in the first half of 2025 alone, and the total keeps climbing.

September alone saw 20 attacks that looted $127.06 million from crypto exchanges. The threat grows by the hour. Below are three of the most notorious groups driving this wave.

1. Lazarus Group

The Lazarus Group, a North Korean state-sponsored unit also tracked as APT38, Labyrinth Chollima and HIDDEN COBRA, has earned a reputation for both technical proficiency and boldness in penetrating heavily defended targets. The group has been active since 2007, with its early operations aimed at South Korean government systems.

Their operations did not stop there. In 2014 they hit Sony Pictures in retaliation for "The Interview", and in 2017 they spread the WannaCry ransomware worldwide. Their most brazen theft came in February 2025, when they breached Bybit and took roughly $1.5 billion in Ethereum (ETH), the largest crypto heist in history. Months later the group also made off with $3.2 million in Solana (SOL). These are not petty thieves; they operate as an arm of state-directed cyber warfare.

“The DPRK’s Bybit hack fundamentally altered the 2025 threat landscape. At $1.5 billion, this single incident not only represents the largest crypto theft in history, but also accounts for approximately 69% of all funds stolen from services this year,” Chainalysis wrote in July.

2. Gonjeshke Darande

Gonjeshke Darande ("Predatory Sparrow" in Persian) is a politically motivated group widely believed to be linked to Israel and active in the increasingly hostile Israel-Iran conflict. Their most notable strike was the roughly $90 million theft from Nobitex, Iran's largest crypto exchange, after which they burned the funds, sending them to addresses no one controls so that the money was destroyed rather than cashed out. To compound the damage, they published the exchange's source code, exposing its internals to anyone hunting for further weaknesses.

This was not the group's first attack on Iranian infrastructure. They have a history of targeting the country's critical systems, from railways to steel plants to banks:

  • In July 2021, they brought Iran's railway systems to a halt, posting mocking messages on station display boards as they did so.
  • In June 2022, they attacked three steel plants and released video of the resulting fires, damaging both the plants themselves and the country's industrial economy.
  • In June 2025, they breached Bank Sepah, leaking sensitive data and disrupting its financial operations.

The octopus ruling Iran has many arms – they are being cut off one by one

This week, we, “Gonjeshke Darande,” targeted the IRGC’s financial lifelines – the arteries feeding terror and destruction.

These infrastructures were not operated for the benefit of the citizens.
They…

– Gonjeshke Darande (@GonjeshkeDarand) June 20, 2025

3. UNC4899

Lastly, there is UNC4899, another North Korean operation, this one run under the Reconnaissance General Bureau (RGB). The group is relatively new but its impact is profound. Its primary focus is the cryptocurrency and blockchain industries, and rather than relying on straightforward heists it has specialized in supply chain compromises. Its methods, described in Google's Cloud Threat Horizons Report, are highly sophisticated.

“A notable example is their suspected exploitation of JumpCloud, which they leveraged to infiltrate a software solutions entity and subsequently victimize downstream customers within the cryptocurrency vertical, underscoring the cascading risks posed by such advanced adversaries,” the report reads.

In one breach described in the report, the group approached an employee on Telegram and persuaded them to run malware delivered in a Docker container, then used that foothold to get past MFA on the victim's Google Cloud environment; millions were stolen in a swift operation. In another, initial contact came through LinkedIn; the attackers stole AWS session cookies, injected malicious JavaScript into a cloud-hosted service and siphoned off millions more. This is not simple theft; it is subversion of the software and cloud supply chain.

By 2025 it was clear that crypto theft has become a tool of geopolitical strategy. The billions lost, and the state motives behind the breaches, mean that crypto exchanges, infrastructure providers and governments must treat crypto security with the same vigilance as national defense. Notably, the intrusions detailed above began with social engineering of staff and compromise of third-party suppliers rather than attacks on the blockchains themselves, and that is where defenders should look first. Without coordinated defenses, intelligence sharing and hardened safeguards, the losses will keep growing.

2025-10-03 19:59