North Korea’s cybercrime collective Lazarus Group persists in transferring bitcoin to obscured wallets, with its reserves diminishing by 109 BTC ($9.1 million) over the past two days.
The Sleight of Hand Behind Lazarus’ Bitcoin Vanishing Act
Today’s activity recorded by Arkham Intelligence, reveals a deliberate effort to redistribute substantial amounts of bitcoin ( BTC). Since March 20, 2025, the collective has relocated 109 BTC, including 75.448 BTC within the latest 24-hour window.
As of 2 p.m. Eastern Time on Saturday, March 22, 2025, the hacking syndicate holds 13,332 BTC worth $1.12 billion after transferring 109 BTC over the last two days.
With today’s action alone, the initial movements began with a nominal transaction of 0.00012989 BTC ($10.94), followed by five additional dust transactions, each under 0.00074569 BTC ($62.79). These incremental transfers exemplify a tactical approach to obfuscate the larger financial flows that followed.
After the six dust moves, 75.448 BTC was distributed across 35 discrete transactions, commencing with a 1.766 BTC transfer to start. Individual transactions ranged from 0.486 BTC to 4.891 BTC, directed predominantly to fresh Pay-to-Witness-Public-Key-Hash (P2WPKH) wallets, though some funds reached addresses already under observation.
Following this latest dispersal, Lazarus still retains 13,332 BTC ($1.12 billion) across a sprawling network of distinct wallets as of March 22, 2025, at 2 p.m. Eastern Time. Concurrently, the group also diverted 59 ETH ($117,644), reducing its ethereum reserves from 13,658 ETH to 13,599 ETH ($26.99 million).
This systematic redistribution exemplifies the group’s sophisticated operational cadence, blending patience with calculated execution—a reminder of the evolving challenges in tracking state-sponsored cybercrime. The pressing inquiry lies in discerning the destination of Pyongyang’s pilfered assets and the methodology they will employ to dissolve their financial footprints into obscurity.
A cache of 13,332 BTC—equivalent to over a billion dollars—remains a staggering digital trove, demanding meticulous unraveling. Here, the challenge is twofold: Where will these ill-gotten coins ultimately land, and how will the regime engineer a labyrinthine path to erase transactional breadcrumbs? Such a colossal reserve cannot vanish effortlessly; each satoshi must navigate a maze of wallets and bitcoin mixers to eventually achieve some form of plausible deniability if that’s even possible.
Pyongyang’s historical cunning in laundering cryptocurrency—evidenced by layered transactions, algorithmic obfuscation, and cross-chain leaps—suggests a playbook refined through years of audacious cyber heists. Yet, the sheer scale of this hoard amplifies the stakes. Will they fragment it across nascent protocols, funnel it through complicit intermediaries, or deploy algorithmic shuffling to mimic organic market activity?
One truth endures: 13,332 BTC is not merely a number—it is a geopolitical chess piece, an asset held by North Korea cloaked in cryptographic armor. Tracking its migration will require equal parts forensic precision, algorithmic vigilance, and an unyielding grasp of the Bitcoin blockchain’s shadowy but fully open choreography. The game is afoot, and every byte of data could be the linchpin in this high-stakes digital pursuit.