Carnegie's financial-sector incident timeline includes a DPRK-relevant entry stating that Lazarus used trojanized decentralized-finance applications in an April 2022 spearphishing campaign. The timeline labels the activity as a high-confidence state-sponsored actor case and says the delivered malware was a full-featured backdoor capable of controlling compromised victims. A nearby entry also records the March 2022 Ronin/Axie Infinity bridge theft of about $615 million in ether and USD Coin, later attributed by the United States to Lazarus Group with sanctions against an Ethereum wallet. For Lazarus Day, the useful evidence is the linkage between North Korean operators, DeFi-themed delivery, backdoor deployment, and large cryptocurrency thefts against financial infrastructure.