G7 To Confront North Korea’s Billion-Dollar Crypto War Chest in Upcoming Summit
Key Takeaways
- North Korea’s cyber operations have stolen over $1.3 billion in crypto in 2024, funding both its sanctions evasion and weapons programs.
- The Lazarus Group, known for its high-profile hacks, has evolved from simple malware to more sophisticated, long-term cyber operations.
- With tensions rising globally, including North Korea’s growing ties with Russia, the G7 summit will likely address the financial and geopolitical fallout from these cybercrimes.
North Korea’s aggressive cyber operations and multibillion-dollar crypto heists are drawing fresh scrutiny from global leaders ahead of the G7 summit in Alberta, Canada, this June.
According to Bloomberg , the Group of Seven may discuss Pyongyang’s growing use of stolen digital assets to fund weapons development and skirt international sanctions.
Though the summit will center on geopolitical conflicts and global economic pressures, sources say North Korea’s cybercrime—and its staggering profits—may take center stage.
Pyongyang’s Cyber Army Expands Its Global Reach
North Korea’s offensive cyber capabilities have exploded since its 2014 attack on Sony Pictures. In 2024 alone, its hackers executed at least 47 major crypto thefts, including a record-setting $1.5 billion from exchange Bybit.
The Lazarus Group, Pyongyang’s elite hacking unit, no longer focuses solely on smash-and-grab attacks.
Today, its operations involve deep infiltration of crypto platforms, covert funding networks, and exploitation of global labor markets.
Thousands of North Korean IT operatives now work under false identities in companies across the U.S., China, and Russia—earning as much as $300,000 each and quietly funneling the proceeds back to the regime.
U.S. officials warn these operations are a key financial engine for North Korea’s heavily sanctioned government, including the Ministry of Defense and state weapons programs.
Lazarus Evolves: From Malware to Fake Startups
What began with ATM skimming and ransomware has grown into a far more sophisticated threat. Lazarus is now establishing fake companies in the U.S. to spread malware, target developers, and exfiltrate crypto wallets.
Recent FBI investigations uncovered three such fronts:
- Blocknovas: Used fake job postings to deliver malware to developers.
- Softglide: Registered using a Buffalo tax office as its address.
- Angeloper Agency: Never formally registered, but linked to similar activities.
Blocknovas listed an empty lot in South Carolina as its HQ. The FBI has since seized the site, warning that such companies represent a growing national security risk.
Rather than relying on quick hacks, these operations focus on long-term infiltration. By mimicking real crypto startups and tech firms, Lazarus is embedding malware directly into developer environments, enabling them to steal private keys, install backdoors, and evade detection.
Rising Tensions Add Urgency to Global Response
The cyber threat comes amid deepening military ties between North Korea and Russia, including claims that North Korean troops are aiding Russian forces in Ukraine.
With Pyongyang simultaneously scaling its digital campaigns and battlefield involvement, the stakes are rising fast.
G7 leaders are now under pressure to address how digital assets are enabling rogue states to bypass sanctions and destabilize global security.
Whether crypto thefts make the final summit agenda remains to be seen, but the billion-dollar trail left by North Korea’s cyber army is getting harder to ignore.
