Lazarus Group targets Crypto with half a dozen malicious packages

The Lazarus Group of North Korea has been troubling the broader crypto market with a recent study by the

Socket Research Team, noting that the bad actors have deployed six malicious packages into the npm intending to target developers and digital asset investors.

In the same finding, the researching firm said that all these six malicious packages were collectively downloaded over 330 times. Yet, these packages are identified as copies of known libraries that serve the betterment of not troubling.

Malicious packages are designed to steal credentials and information 

Most of the time, these kinds of malicious packages are designed to steal the confidential information of developers and cryptocurrency owners; once these masterminds gain information like wallets, shares, and others, they wipe out the accounts of the targeted victims.

Till the report was written, all these packages were reported live on the npm registry. Yet, the Socket Research Team has reported the issue with the concerned repositories to remove this from the accessibility library.

The report highlights, “ The tactics, techniques, and procedures (TTPs) observed in this npm attack closely align with Lazarus’s known operations, extensively documented by researchers from Unit42, eSentire, DataDog, Phylum, and others since 2022.”

Lazarus Group & hackers hitting crypto hard 

With the widening adoption of cryptocurrencies, hackers have evolved several new techniques to victimize people who have shown their inclination toward the digital asset market.

At the end of February 2025, a massive hack incident was reported, with a centralized cryptocurrency exchange losing over $1 billion in a hack. Yet, the Lazarus Group later took the responsibility for the hack.

Experts argue that an unorganized set of rules for crypto in North Korea might be a probable reason behind the surge in hacks and thefts from the nation; some also say that these hacks are supported by the government, not directly but by some means.

From 2019 till February 2025, the total estimated amount wiped out by hackers from the market is over $20 billion, including the hack of Bybit, WazirX, FTX, and a few others.

The Ronin Network breach is one of the main heists by the Lazarus Group of North Korea; after hacking Coincheck for $534 million, it also hacked Harmony Bridge for $100 million, Horizon Bridge for another $100 million, and KuCoin for more than $250 million.

The primary target of the hackers has shifted towards centralized exchanges; however, some major groups of hackers avoid hacking decentralized markets.

Why is the market struggling today? 

There are several reasons behind the steady market, yet one primary one is the hack of Bybit, which resulted in more than $1 billion in losses.

As of writing, the crypto market cap was below $3 trillion, at $2.68 trillion, with a decline of 14% in the past 7 days; the market has been struggling below its 20,50, 100, and 200-day exponential moving average.

Similarly, Bitcoin has also continued on a declining path, currently trading at $82,311 with a weekly loss of 8.90% and at the same time below 20, 50, 100, and 200-day EMAs.