Lazarus Group Turns TRON Whale with 137M TRX After CoinEx Hack

Tron TRX

The North Korean-backed Lazarus Group, 66th largest TRON (TRX) holder at $11.63 million. They reportedly have $45.8 million in crypto, mainly in Bitcoin ($42M) and $640,000 in stablecoins. Suspected to fund North Korea’s missile program, they stole nearly $200 million in June and July.

Get Instant 100,000 CHIKA Tokens Airdrop Worth Of $100 USD Free On

The Lazarus Group, a hacking collective linked to North Korea, has emerged as a significant TRON whale, as per blockchain data. Lately, they’ve been busy making unlawful profits from cryptocurrency platforms. On September 26, PeckShield, a blockchain security company, revealed that the CoinEx Drainer, linked to them, possesses more than 137 million TRX, worth about $11.63 million.

Expanding Holdings of the Lazarus Group

CoinEx Drainer crypto holdings. Source: X/@PeckShieldAlert

On September 12, there was a hack at CoinEx, and they lost about $55 million. Interestingly, around a fifth of that money was in TRX, which is Tron’s native token. Right now, TRX is trading at $0.084, and it’s gone up by 8% in the last two weeks.

Now, here’s the kicker: The hacking group behind this is Lazarus from North Korea. A blockchain security firm called SlowMist figured that out. But, CoinEx got back on its feet and allowed deposits and withdrawals for some cryptocurrencies on September 21.

Get Instant 100,000 CHIKA Tokens Airdrop Worth Of $100 USD Free On

According to a Dune Analytics dashboard from 21 Shares, which is like a parent company, the Lazarus group has about $45.8 million in crypto right now. They had a lot more earlier in the year, over $80 million, but that was mostly because of a $41 million hack on While they do have a bunch of TRX, most of their stash is in Bitcoin, around $42 million worth.

Centered JavaScript

Lazarus Group crypto balance over time. Source: Dune Analytics

Additionally, they’ve got $640,000 in stablecoins, with a focus on Binance USD (BUSD).

The FBI says that Lazarus swiped nearly $200 million from Atomic Wallet, Alphapo, and CoinsPaid in June and July.

Experts often mention that they’ve been using their stolen crypto money to support North Korea’s missile program.

Hacking Spree Persists

Crypto security experts at Elliptic have been keeping a close eye on Lazarus, and what they’ve found is quite alarming. In just 104 days, Lazarus launched five attacks and made off with a staggering $240 million.

What’s interesting is that some of the money stolen from CoinEx ended up in an address that had previously been used to hide funds taken from Stake. It seems Lazarus has changed its tactics this year.

According to Elliptic, Lazarus is now more interested in targeting centralized services instead of decentralized ones. Plus, they’ve become quite crafty with their methods. They prefer to trick people through social engineering, especially employees at centralized crypto companies, using sophisticated phishing attacks with their Lazarus malware. Be careful out there!

Important: Please note that this article is only meant to provide information and should not be taken as legal, tax, investment, financial, or any other type of advice.

Join Cryptos Headlines Community

Follow Cryptos Headlines on Google News


  • Asad

    Asad is a dynamic and talented cryptocurrency content author who brings a wealth of knowledge and enthusiasm to every article. With a deep understanding of blockchain technology and a passion for digital assets, Asad's writing is both informative and engaging.

    View all posts

Leave a Reply

Your email address will not be published. Required fields are marked *