Lazarus TraderTraitor Cryptocurrency Operations

Campaign by the TraderTraitor subgroup of Lazarus Group, responsible for the largest cryptocurrency heists in history. It includes the 2023 JumpCloud supply chain compromise, the Atomic Wallet hack ($100M), the Stake.com hack ($41M), the 2024 WazirX heist ($235M), the DMM Bitcoin heist ($308M), and the 2025 Bybit hack ($1.5B). Initial access relies on social engineering of developers via fake job offers and coding challenges.

Start date: 1 January 2023
End date:
Techniques: 19

Attributed actors

Techniques (19)

command-and-control (3)
- T1573.001 Symmetric Cryptography
- T1105 Ingress Tool Transfer
- T1071.001 Web Protocols

credential-access (2)
- T1552.001 Credentials In Files
- T1555 Credentials from Password Stores

discovery (2)
- T1082 System Information Discovery
- T1083 File and Directory Discovery

execution (3)
- T1059.003 Windows Command Shell
- T1059.006 Python
- T1059.001 PowerShell

exfiltration (1)
- T1041 Exfiltration Over C2 Channel

initial-access (3)
- T1566.002 Spearphishing Link
- T1566.001 Spearphishing Attachment
- T1195.002 Compromise Software Supply Chain

lateral-movement (1)
- T1550.004 Web Session Cookie

persistence (1)
- T1547.001 Registry Run Keys / Startup Folder

privilege-escalation (1)
- T1547.001 Registry Run Keys / Startup Folder

stealth (3)
- T1140 Deobfuscate/Decode Files or Information
- T1070.004 File Deletion
- T1027 Obfuscated Files or Information

Indicators of compromise

No IOCs linked to this campaign yet.

Lazarus TraderTraitor Cryptocurrency Operations — Campaign | Fancy Intel