FBI confirms that North Korea was behind $41 million Stake.com exploit
2023-09-08 • Trmlabs
https://www.trmlabs.com/post/fbi-confirms-that-north-korea-was-behind-41-million-stake-com-exploit
The FBI attributed the roughly $41 million theft from Stake.com to North Korea's Lazarus Group after funds were taken from Stake-controlled Ethereum, Binance Smart Chain, and Polygon addresses. TRM's on-chain tracing says the actors swapped much of the ETH and BSC value into native assets, moved Polygon/MATIC through Squid Router to Avalanche, converted value into wrapped BTC, and bridged it to Bitcoin. The laundering pattern aligns with recent Lazarus activity using cross-chain movement, Avalanche Bridge, Bitcoin, and mixers after sanctions and takedowns disrupted Tornado Cash, Ren Bridge, and ChipMixer workflows. The report also links the same DPRK actors to 2023 thefts from Alphapo, CoinsPaid, and Atomic Wallet, underscoring the need for exchanges and compliance teams to track FBI-identified addresses and evolving bridge-based laundering routes.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | stake.com | 2023-09-05 | 2025-12-31 |