Lazarus Group: The North Korean Hacking Syndicate’s On-Chain Footprint

2026-05-12 Arkm

https://info.arkm.com/research/lazarus-group-the-north-korean-hacking-syndicates-on-chain-footprint

Arkham describes Lazarus Group as a North Korean state-sponsored hacking unit under the Reconnaissance General Bureau with a long record of major cyber operations, including Operation Troy, Sony Pictures, WannaCry, bank thefts, and cryptocurrency exchange compromises. The excerpt says the group shifted heavily toward cryptocurrency around 2017, stole eight-figure sums from South Korean exchanges by 2018, and later conducted multiple nine-figure crypto hacks before a billion-dollar Bybit multisig compromise in 2025. The reporting links Lazarus activity to North Korean sanctions evasion and weapons funding, citing a White House estimate that cyberattack proceeds funded roughly half of North Korea’s missile program in 2023. It also highlights AppleJeus fake trading apps, BloxHolder DLL sideloading and encryption, fake IT worker schemes, and laundering through THORChain, cross-chain bridges, and Bitcoin UTXO-style fund splitting.
