zeroShadow and partner organizations describe how North Korean cyber actors, broadly identified as Lazarus Group and including the TraderTraitor subgroup, continue stealing and laundering cryptocurrency at scale. The source says TraderTraitor laundered more than $1 billion from the February 2025 Bybit hack between February and June 2025, despite blacklist APIs, bounty incentives, and continuous blockchain tracing. It emphasizes rapid laundering through mainly Chinese OTC and P2P money launderers, decentralized exchanges, bridges, lending protocols, and fragmented wallets, with many transactions split into smaller amounts to reduce freeze impact. The report argues that pre-compromise preparation, trusted notification channels, civil or voluntary freezing processes, and stronger public-private coordination are needed because stolen funds are linked to North Korea’s weapons and nuclear programs.