Lazarus Group Allegedly Nets $2.51M Profit from WBTC Trade after Two Years
In a move that has raised big concerns in the crypto community, a wallet linked to the infamous Lazarus Group—a hacking collective associated with North Korea—has reportedly sold off a big chunk of Wrapped Bitcoin (WBTC) it was holding.
The wallet, dubbed 0x784, offloaded all of its 40.778 WBTC, worth about $3.51 million, and exchanged it for 1,857 ETH at an average price of about $86,170 per coin. That trade saw the wallet profit by about $2.51 million—a 251% return on investment.
The attention of blockchain analysts and cybersecurity experts has been drawn to the sale of the wallet and the subsequent distribution of its funds. This is because the wallet was controlled by the Lazarus Group—an entity infamous for carrying out large-scale cyberattacks, especially against financial institutions. But unlike other cybercriminals, who traditionally move their plunder via clandestine payment services like Western Union, the hackers behind the Pyongyang-controlled Lazarus Group use cryptocurrency to launder their stolen funds. And just in case that wasn’t enough to put the wallet and the group that controlled it in a bad light, consider these additional points:
A Profitable Investment in WBTC
The journey of the wallet affiliated with the Lazarus Group and WBTC started in February 2023. In that month, the wallet acquired 40.778 WBTC tokens, at an average price of just $24,521 per token, obtained by spending 999,900 USDT. Over the next two years, the price of WBTC saw a substantial increase, allowing the wallet to capitalize on this appreciation when it finally decided to liquidate WBTC.
The wallet made a profit of $2.51 million by trading all 40,778 WBTC for 1,857 ETH at an average price of $86,170. This accomplishment amounts to a +251% return on investment that is especially remarkable given the volatility, associated risks, and the sheer size of the trade in today’s crypto markets. Doing what few traders can manage to do, the wallet not only achieved a significant profit but also appears to have made a large-scale trade without significantly impacting the market in WBTC or ETH.
While the massive gain from the transaction is clear, the links between the receiving wallet and the notorious Lazarus Group have raised eyebrows. The group has a well-established reputation for high-profile cyberattacks, including some that have hit large financial institutions. And it has also been linked to various methods of stealing and laundering money in the process. So why is this already suspicious transaction now being flagged for additional review?
Distribution of Funds Across Multiple Wallets
After liquidating the WBTC, the wallet carried out several transactions, ensuring that the ETHER post-sale was rendered in a number of different locations. This is not quite so different from normal commercial behavior—dispersing one’s funds makes it less likely that one will be a target for robbers responsive to purely physical or digital economic incentives. But this is a direct effect accomplished through appearance of normalcy. The first ETH wallet we sent a transaction to we will denote with A. As in the first image, A received 205 ETH from the first transaction. Then, A’s business partner (whom we will denote as B) received a second transaction of 500 ETH. Finally, more than half of the funds spread across the three wallets went to an address that is the known ETHER wallet of the Lazarus Group.
Today, the Lazarus Group (North Korean hackers) sold 40.78 $WBTC ($3.51M) for a $2.51M profit (+251%)—after buying it 2 years ago.
They spent 999.9K $USDT to acquire the $WBTC at ~$24,521 in Feb 2023, and sold it for 1,857 $ETH at ~$86,170 just 12 hours ago.
The hackers then… pic.twitter.com/KYQmqnJnIC
— Spot On Chain (@spotonchain) April 3, 2025
The distribution of the funds among several wallets is probably an attempt to further obscure the trail and avoid detection. It’s a method that cybercriminals often use to launder stolen crypto assets and evade tracking systems. By spreading the funds among so many addresses, the Lazarus Group may be trying to make it more difficult to trace the funds back to the original wallet, though blockchain analysis can still offer some visibility into these transactions.
Lazarus Group’s Continued Influence in Crypto
For a long time, Lazarus Group has posed a big problem for the world of cybersecurity, especially because of its association with the theft of digital currencies. The North Korean government-sponsored group has pulled off all kinds of audacious cyberattacks, with some of the biggest hacks (and the most spectacular failures) happening in and around the financial sector. They’ve tried to rob banks and insurance companies, and to hack into cryptocurrency exchanges (a target of choice for them, apparently).
The latest WBTC trade is simply the most recent in a long series of transactions tied to the Lazarus Group. They have used cryptocurrencies as a means of laundering stolen funds and have carried out a persistent variety of schemes to accomplish that.
This has been a problem for the crypto community for years. Stolen crypto is used to buy all sorts of things, not just WBTC. And because the blockchain is an open ledger, those stolen funds remain on the ledger, in the wallets associated with the crimes, for all to see. Disrupting this operation isn’t just a problem for crypto; it’s a global problem.
The latest development highlights the continuous risks linked to cryptocurrency, especially the danger of being used for illegal activities and financial manipulation. It is not just individuals but also more and more organizations in the crypto space that are now aware of the Lazarus Group’s modus operandi. And as that awareness grows, so does the demand for crypto platforms and exchanges to adopt even stronger anti-money laundering (AML) measures.
Conclusion
The Lazarus Group’s recent move to liquidate its WBTC holdings for a $2.51 million profit has once again put the focus on the intersection of cryptocurrency and cybercrime. While the profit and strategic timing of the trade highlight the group’s ability to essentially capitalize on the crypto markets—and raise an eyebrow or two about whether or not the group had prior knowledge of impending regulatory crackdowns—the distribution of the resulting ETH across several addresses is much more worrying. This is money laundering 101, and it raises a number of serious concerns about the continued use of digital assets for illicit purposes.
Disclosure: This is not trading or investment advice. Always do your research before buying any Metaverse crypto coins.
