North Korea's Lazarus Group Uses Social Engineering Against Wallet Infrastructure Developers to Execute Billion-Dollar Exchange Heists

North Korea's Lazarus Group (operating under the DPRK's Reconnaissance General Bureau) compromises individual developers at critical wallet infrastructure companies in order to steal from major exchanges, as demonstrated by the $1.5 billion Bybit hack in February 2025, the largest single crypto heist in history.

Why it matters: a single developer at Safe{Wallet} was socially engineered and had malware installed on their workstation, which gave the attackers control of Safe's deployment pipeline. With that access they injected dormant malicious code, targeting Bybit specifically, into Safe's website. When a Bybit employee authorized a routine transaction, the code swapped in a drain command that siphoned 401,346 ETH. Within days, 86% of the stolen ETH had been converted to BTC and laundered through decentralized exchanges and cross-chain bridges. The DPRK netted more from this single hack than the $1.34 billion it stole across all of 2024, and the proceeds directly fund its nuclear weapons program, with an estimated 50% of the regime's foreign currency earnings coming from cybercrime.

The structural root cause is that the crypto industry's security model depends on a small number of open-source wallet infrastructure providers (such as Safe{Wallet}) whose individual developers are single points of failure, yet there is no industry-wide standard for supply-chain security, mandatory code signing, or multi-party deployment verification for critical smart contract infrastructure.

Evidence

An FBI PSA confirmed DPRK responsibility for the $1.5B Bybit theft on February 21, 2025. The attack vector was a compromised Safe{Wallet} developer whose workstation was infected via social engineering (Fortune, March 2025). Bybit CEO Ben Zhou confirmed that 86.29% of the stolen ETH was converted to BTC. The Wilson Center and CSIS reported that approximately 50% of DPRK foreign currency earnings come from cybercrime. TRM Labs tracked the laundering through intermediary wallets, DEXs, and cross-chain bridges. Chainalysis reported that the DPRK stole $1.34 billion across all crypto thefts in 2024; the single Bybit hack exceeded this total. Since 2017, North Korean state-sponsored hackers have stolen over $6 billion in cryptocurrency (Chainalysis 2025 Crypto Crime Report).
