
Crypto’s Most Wanted: 3 Hackers Driving the Digital Crime Wave

In 2025, cryptocurrency theft has evolved from simple rug pulls and opportunistic scams into sophisticated, nation-state–sponsored operations that target major exchanges and critical infrastructure. Over $2.17 billion was stolen in the first half of 2025, and that figure continues to rise month by month.

In September alone, 20 crypto-related attacks resulted in $127.06 million in reported losses, highlighting the growing threat. Below are three high-profile hackers who’ve been involved in major crypto attacks.

1. Lazarus Group

The Lazarus Group is an infamous, long-running hacking group backed by North Korea. Known by aliases such as APT 38, Labyrinth Chollima, and HIDDEN COBRA, the group has consistently demonstrated the ability to bypass even the most advanced security systems.

Moreover, Hacken noted that their operations date back to at least 2007, starting with intrusions into South Korean government systems. Other notable attacks include the Sony Pictures hack in 2014 (retaliation for the movie The Interview), the WannaCry ransomware outbreak in 2017, and ongoing campaigns targeting financial sectors in South Korea.

In recent years, Lazarus has focused heavily on cryptocurrency theft, stealing more than $5 billion between 2021 and 2025. The most significant was the Bybit hack in February 2025, when the group stole $1.5 billion in Ethereum (ETH), the largest crypto heist on record. Additional operations included a $3.2 million Solana (SOL) theft in May 2025.

“The DPRK’s ByBit hack essentially altered the 2025 menace panorama. At $1.5 billion, this single incident not solely represents the largest crypto theft in historical past, but additionally accounts for about 69% of all funds stolen from providers this year,” Chainalysis wrote in July.

2. Gonjeshke Darande

Gonjeshke Darande (Predatory Sparrow) is a politically motivated cyberattack group, widely believed to have ties to Israel. Amid escalating Israel-Iran conflicts, the group exploited Nobitex, Iran’s largest crypto exchange, stealing about $90 million before burning the funds.

Gonjeshke Darande also exposed Nobitex’s source code publicly, undermining the exchange’s proprietary systems and delivering a significant blow to its credibility with users and partners.

“12 hours in the past, 8 burn addresses burned $90 million from the wallets of the regime’s favourite sanctions violation device, Nobitex. 12 hours from now The source-code of Nobitex will probably be open to the public, and Nobitex’s walled backyard will probably be without partitions. Where would you like your property to be?” they posted in June.

The group’s other attacks have also focused on Iranian infrastructure, banks, and more.

  • In July 2021, Gonjeshke Darande disrupted Iran’s railway systems, causing major delays and posting mocking messages on public boards.
  • In October 2022, the group attacked three major steel plants, releasing footage of fires that caused serious physical and financial damage.
  • In May 2025, they breached Bank Sepah, Iran’s state-owned bank, leaking sensitive data and disrupting financial operations.

3. UNC4899

UNC4899 is another North Korean state-sponsored crypto hacking unit. According to Google’s Cloud Threat Horizons Report, the group operates under the Reconnaissance General Bureau (RGB), North Korea’s primary intelligence agency.

The report revealed that the group has been active since at least 2020. Furthermore, UNC4899 has concentrated its efforts on the cryptocurrency and blockchain sectors. The group has demonstrated advanced capabilities in executing supply chain compromises.

“A notable instance is their suspected exploitation of BounceCloud, which they leveraged to infiltrate a software program options entity and subsequently victimize downstream prospects inside the cryptocurrency vertical, underscoring the cascading dangers posed by such superior adversaries,” the report reads.

Between 2024 and 2025, the group carried out two major crypto heists. In one case, they lured a victim on Telegram, deployed malware through Docker containers, bypassed MFA in Google Cloud, and stole millions in cryptocurrency.

In another, they approached a target via LinkedIn, stole AWS session cookies to bypass security controls, injected malicious JavaScript into cloud services, and again siphoned off millions in digital assets.

Thus, this year, crypto theft has become a tool of geopolitical conflict as much as financial crime. The billions lost this year, and the strategic motives behind many attacks, reveal that exchanges, infrastructure providers, and even governments must now treat crypto security as a matter of national security. Without coordinated defense, intelligence sharing, and stronger safeguards across the ecosystem, the losses will only continue to escalate.

The post Crypto’s Most Wanted: 3 Hackers Driving the Digital Crime Wave appeared first on BeInCrypto.