Top 3 Most Wanted Cryptohackers

By 2025, cryptocurrency thefts have evolved from simple frauds into sophisticated nation-state-backed operations, targeting major exchanges and critical infrastructure. More than $2.17 billion was stolen in the first half of 2025, and this amount continues to grow.

In September alone, 20 cryptocurrency attacks resulted in losses totaling $127.06 million, highlighting the growing threat. Below are three prominent hackers involved in major cryptocurrency attacks.

1. Lazarus Group

The Lazarus group is a notorious hacker organization backed by North Korea. Also known as APT 38, Labyrinth Chollima, and HIDDEN COBRA, it has consistently demonstrated its ability to bypass even the most advanced security systems.

Hacken reports that their operations have been ongoing since at least 2007, beginning with attacks on South Korean government systems. Other notable attacks include the 2014 Sony Pictures hack (in retaliation for the film “The Interview”), the 2017 WannaCry ransomware, and ongoing attacks on South Korean economic sectors.

In recent years, Lazarus has been actively targeting cryptocurrency, stealing over $5 billion from 2021 to 2025. The most significant attack was on Bybit in February 2025, when the group stole $1.5 billion in Ethereum (ETH), the largest cryptocurrency theft in history. Other operations included the theft of $3.2 million in Solana (SOL) in May 2025.

“The ByBit hack in North Korea has fundamentally changed the threat landscape in 2025. The $1.5 billion theft not only represented the largest cryptocurrency theft in history, but also accounted for approximately 69% of all funds stolen from services that year,” Chainalysis reported in July.

2. Gonjeshke Darande

Gonjeshke Darande (Predatory Sparrow) is a politically motivated cyberattack group linked to Israel. Amid the escalating conflict between Israel and Iran, the group hacked Nobitex, Iran's largest crypto exchange, stealing approximately $90 million before destroying the funds.

Gonjeshke Darande also published Nobitex's source code, undermining trust in the exchange's systems and dealing a serious blow to its reputation among users and partners.

“12 hours ago, 8 burn addresses destroyed $90 million from Nobitex wallets, a tool the regime uses to evade sanctions. In 12 hours, the Nobitex source code will be publicly available, and the closed Nobitex system will lose its protection. Where do you want to store your assets?” they wrote in June.

Other attacks by the group also targeted Iranian infrastructure, banks and other targets.

  • In July 2021, Gonjeshke Darande disrupted Iran's railway system, causing significant delays and displaying mocking messages on boards.
  • In October 2022, the group attacked three major steel mills, releasing footage of fires that caused severe physical and economic damage.
  • In May 2025, they hacked Bank Sepah, Iran's state-owned bank, leaked sensitive data and disrupted financial operations.

3. UNC4899

UNC4899 is another North Korean state-affiliated hacker unit focused on cryptocurrency. According to a Google Cloud Threat Horizons report, the group operates under the direction of the Main Intelligence Directorate (GRU), North Korea's primary intelligence agency.

The report revealed that the group has been active since at least 2020. UNC4899 has focused its efforts on the cryptocurrency and blockchain sectors. The group has demonstrated a high level of proficiency in compromising supply chains.

“A notable example is their use of JumpCloud to infiltrate a software company and harm its cryptocurrency clients. This highlights the cascading risks posed by such sophisticated adversaries,” the report states.

Between 2024 and 2025, the group carried out two major heists. In one case, they lured a victim into Telegram, injected malware through Docker containers, bypassed Google Cloud multi-factor authentication, and stole millions in cryptocurrency.

In another case, they approached a target through LinkedIn, stole AWS session cookies to bypass security controls, injected malicious JavaScript into cloud services, and again stole millions in digital assets.

Instead of conclusions

Thus, this year, cryptocurrency thefts have become a tool not only for financial crime but also for geopolitical conflict. Billions in losses and the strategic motives behind many attacks demonstrate that exchanges, infrastructure providers, and even governments must consider cryptocurrency security a matter of national security. Without coordinated defense, intelligence sharing, and enhanced security measures across the ecosystem, losses will only mount.

Source: cryptocurrency.tech
