Paradigm’s Samczsun warns there’s ‘more to the DPRK than just the Lazarus Group’

Both samczsun and ZachXBT have issued warnings after the Bybit hack last month


Artwork by Crystal Le


This is a segment from the Empire newsletter. To read full editions, subscribe.


There’s no denying that North Korea’s Lazarus Group is a threat, especially as crypto works overtime to be seen as a safe and acceptable industry (sorry degens, there are still corners for you). 

Paradigm’s samczsun highlighted the good, the bad, and the ugly, a month after the Lazarus Group pulled off the biggest digital heist in history. Oof, that hurt to write. 

The upside is that only one bad actor (which, I guess on the downside, is North Korea) has been so successful in stealing funds. 

But “there’s more to the DPRK than just the Lazarus Group,” he warned.

Unfortunately, the team would later find out that the group had managed to compromise SafeWallet’s own infrastructure, deploying “a malicious payload specifically targeting Bybit. This was a level of sophistication that no one had considered or been prepared for, and it was a major update to many of our threat models.”

But there are ways to stay safe, samczsun noted. He urges caution across the board for individual folks like us. And organizations should “install Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) software” on work devices for security prior to any hack and to ensure visibility afterwards. 

Samczsun’s tune was slightly more optimistic than that of Paradigm advisor ZachXBT, who earlier this month said the effort to try to freeze funds tracked to the Bybit attack had been an “eye-opening” experience.

From ZachXBT’s Telegram group.

“The industry is unbelievably cooked when it comes to exploits/hacks,” he wrote. 

Samczsun’s holding out hope that the FBI’s unit dedicated to both tracking and preventing DPRK attacks is strong, an encouraging sign given his recent work with them.

Whether or not the FBI paired with super sleuths such as ZachXBT and samczsun — alongside members of Seal 911 — remains to be seen.

