If North Korean Cybercrime Was a Startup, How Much Would it be Worth?

North Korean state-sponsored hacking had a banner year.

With a record $1.5 billion dollars stolen from Bybit in February [1], the North Korean advanced persistent threat (APT) nicknamed Lazarus Group raked in approximately $2 billion dollars of cryptocurrency in 2025. This represents a 51% year-over-year growth. These eye watering numbers made me wonder: if we were to value the Lazarus Group as if it were a Silicon Valley startup, how much would it be worth?

Let’s call this entity Lazarus Inc.

Clearly with over two billion dollars in revenue, Lazarus Inc. is at minimum a unicorn. When compared to a company like Palantir that commands a public market valuation of $450 billion with $4.5 billion in revenue, the valuation of Lazarus Inc. is probably much higher than just a paltry billion. Let’s get into it.

Lazarus Inc. Financials

To calculate Lazarus Inc’s valuation we should start with their profit and loss statement. Lazarus Inc. generated approximately $2.02 billion in revenue.

Blockchain forensics firms estimate that converting stolen cryptocurrency into usable cash typically requires paying intermediaries to launder the money: mixers, OTC brokers, shell exchanges, etc. The total accrued fees to convert stolen crypto into liquid cash ranges from 20% to 30% [2]. Using the midpoint of that range implies a cost of about $500 million.

Labor is the next major expense. Estimates from the UN Panel of Experts, South Korean intelligence, and U.S. indictments suggest that North Korea employs between 6,000 and 8,400 personnel in cyber operations, spanning offensive hacking, malware development, social engineering, infrastructure, and money laundering [3]. Taking the middle at a 7,000-person organization and a generous overseas compensation estimate of $50,000 per operator (well above reported wages paid to North Korean workers abroad) annual salary expense totals approximately $350 million.

Subtracting these costs yields operating profit of roughly $1.17 billion, implying an operating margin of approximately 58%. That margin would place Lazarus Inc. among the most profitable software companies in the world.

Rule of 40

In SaaS circles there is a metric called the Rule of 40 that is used to aid in valuing a company. The Rule of 40 is simply the growth rate (51% in this case) added to the profit margin (58%). Companies that clear the 40% threshold command premium valuations, often 2-3x higher than their peers.

For Lazarus Group their Rule of 40 is a ridiculously strong 109%. As of Q4 2024, the median Rule of 40 score across public SaaS companies sits at just 15% [4]. The numbers are even worse for private companies, with the average being just two percent (most private companies SaaS companies have a negative margin) [5].

Ironically, their only peer in this rarefied air is actually Palantir who reported a Rule of 40 of 114% in Q3 2025, somewhat justifying their valuation that is 100x multiple of revenue.

Competitive Moat

When valuing a startup, investors must also take into account the defensibility of the business, factoring in network effects, switching costs, distribution channels, and proprietary data.

Lazarus Inc. is again, exceptional in this regard, as they have the full backing of a nuclear-armed nation-state. They face zero risk of extradition, no regulatory oversight, and their “market” (unsecured crypto wallets) is global.

Their customer acquisition cost (CAC) is effectively zero, as their “marketing” consists of spear-phishing campaigns that cost pennies. Their proprietary database of zero-day exploits and malware continues to grows every year. Their talent lock in is literal. Their highly trained operators cannot defect to America to go and work at Meta for 100 million dollars without risking their life.

The Valuation

So factoring in all these variables, what is their market cap?

If we apply the exuberant 100x revenue multiple that the market currently grants to Palantir, Lazarus Inc. would have a valuation of $200 billion. This would make this clandestine cybercrime ring more valuable than Intel, Boeing, Goldman Sachs, or Anthropic.

However, a prudent investor would discount this valuation for risk. Unlike a legitimate SaaS business, Lazarus Inc.’s revenue is not “recurring” in the traditional sense. It is transactional and lumpy. If we instead price it like a high-risk, high-yield private equity asset, we would look at a more reasonable 15x multiple on EBITDA ($1.17B). That would drop the valuation to $17.5 billion.

All-in-all, considering the gigantic competitive advantages when it comes to retaining talent and compiling proprietary data, the regulatory capture, and the lack of competitive dynamics, I would estimate their market value to be similar to that of Anduril, somewhere between $25 and 35 billion USD.

For reference, this is four times the valuation of Lyft and twice that of Discord.

The Asymmetry of Cybersecurity

Legitimate cybersecurity companies operate under a highly competitive market with regulatory oversight, civil liability, and procurement friction. Their adversaries do not.

In this case, the adversary is growing faster and is more profitable than almost all cybersecurity firms. In a world where hostile state-sponsored actors are an actual profitable operation, we should expect the number and cost of these attacks to continue to grow in 2026.