In the past year, if you have been paying attention to security reports, you may have noticed an increasingly obvious trend: behind many large attacks, you can see the same name, the North Korean Lazarus group. According to statistics from multiple security agencies, the total amount of stolen assets in the cryptocurrency industry in 2025 is approximately 3.4 billion dollars, of which nearly 2 billion is believed to have been taken by this organization.

This number is actually quite frightening. It means that a national-level hacker team has made the cryptocurrency industry a long-term target, rather than a target of occasional, opportunistic attacks. When many people discuss these events, they always focus on vulnerabilities, code audits, or private key management. But I gradually realized that these are just surface issues.

The real problem is that when attackers can observe a system's operation, capital flow, and even team structure over a long period, the entire attack logic is no longer about 'finding vulnerabilities' but instead about 'studying an ecosystem.' The openness and transparency of blockchain were indeed advantages in the early stages, but when the scale of funds turns into billions or even hundreds of billions of dollars, this transparency also begins to expose another side: it allows attackers to collect a large amount of information.

If you think carefully about the structure of many current on-chain systems, they actually assume that all data is public. Transaction records are public, address relationships are public, capital flows are public, and even the wallets of some large institutions have long been tagged by the community.

For ordinary users, this transparency means trust, but for professional attackers, it’s more like a map that can be studied over a long period. Through on-chain analysis tools, they can observe when funds flow, when they gather, when they disperse, and even analyze the operational rhythm.

Many hacker attacks do not actually happen suddenly, but are precise actions taken after long-term observation. Organizations like Lazarus in particular are not just code-writing hackers; they are more like a long-running intelligence team.

In the past few years, many cases have shown that these organizations get close to the inside of projects in various ways: social engineering attacks, posing as job seekers, interviewing under fake identities, and even pretending to be developers to join the team.

When attackers can gain access to the internal systems, many traditional security measures actually become difficult to implement. The targets of attacks are no longer just protocol vulnerabilities but the entire system structure.

This is also why many security experts now say: the security issues of Web3 increasingly resemble organizational confrontations rather than technical confrontations.

At this point, I began to notice a change. In the past two years, more and more companies have placed 'privacy infrastructure' in a very important position when discussing blockchain.

Many people in the past understood privacy as anonymity, but the reality of the business environment is not like that. What companies really need is not complete concealment, but control over the visibility of information.

For example, a company that settles on-chain wants the system to verify the legality of transactions, but does not want competitors to see all commercial data.

For example, financial institutions need to prove the compliance of the source of funds to regulators, but do not wish to disclose complete client information.

The financial system in the real world has actually always operated this way:

The rules are verifiable, but the data is not completely public.

I later noticed that Midnight's design philosophy is actually trying to resolve this contradiction.

Its core logic is not to hide all information, but to use zero-knowledge proofs to allow the system to verify rules while protecting specific data. In other words, you can prove something is true without needing to disclose all the details.

This model sounds technically advanced, but in real life, it is actually very common. Banks can verify that your account balance is sufficient to complete a transaction, but they will not disclose your entire asset situation.

What Midnight wants to do is actually to bring similar logic into the blockchain environment, allowing the network to remain decentralized while protecting participant data privacy.

There’s an interesting design detail that I think is quite fascinating. As far as I understand, there are two resources with different roles in the Midnight network: NIGHT and DUST.

NIGHT is more like a core asset at the network level, while DUST is more like a resource consumed when executing privacy transactions. This structure is somewhat like separating 'value storage' and 'network usage costs.'

Many public chains now have a problem: if the cost of use is directly linked to the token price, when the token rises, user costs will also increase, and when the market falls, the value of the network will be affected.

For enterprises, such fluctuations make it very difficult to budget. Therefore, more and more new projects are trying to redesign the economic structure to make network usage costs more stable.

Returning to the original question: why do organizations like Lazarus continue to attack the cryptocurrency industry?

The reason is actually quite simple: there is a large amount of value here, and many systems are still in their early stages. The history of the internet has also gone through a similar process, where many early websites had almost no security concepts until attacks became more frequent, prompting the entire industry to gradually establish a complete security system.

Blockchain may currently be at a similar stage. From cross-chain bridge vulnerabilities to exchange attacks and various social engineering attacks, reality is forcing this industry to rethink many fundamental issues.

Privacy technology, zero-knowledge proofs, and security architecture—these things may have only been topics of discussion in the tech circle in the past, but as the industry scales, they may gradually become real infrastructure.

Many technological developments are not actually because the concepts are advanced, but because real problems are increasing. When the scale of attacks continues to expand, the industry has no choice but to seek new solutions.

Perhaps, looking back a few years from now, the wave of security incidents that emerged in 2025 may turn out to be a turning point for upgrading Web3 infrastructure. Projects like Midnight that think about privacy, security, and compliance within the same framework may be trying to give this industry an answer.
