North Korean state-sponsored hacking had a banner year.
With a record setting $1.5 billion dollars stolen from Bybit in February of 2025[1], the advanced persistent threat (APT) Lazarus Group raked in approximately $2 billion dollars of cryptocurrency in 2025, representing 51% YOY growth. This got me wondering: if we were to value the Lazarus Group as if it were a Silicon Valley startup, what would it be worth?
Let's call this entity Lazarus Inc.
Clearly with over two billion dollars in revenue, Lazarus Inc. is at least a unicorn. And when compared to a company like Palantir that commands a public market valuation of $450 billion with $4.5 billion in revenue, the valuation of Lazarus Inc. is much higher than just a paltry unicorn.
Lazarus Inc. Financials
Starting with their profit and loss statement, Lazarus Inc. generated approximately $2.02 billion in revenue. Blockchain forensics firms estimate that converting stolen cryptocurrency into usable cash typically requires paying intermediaries: mixers, OTC brokers, shell exchanges. The fees range from 20% to 30%[2]. Using the midpoint of that range implies about a cost of about $500 million to liquidate their earnings.
Labor is the next major expense. Estimates from the UN Panel of Experts, South Korean intelligence, and U.S. indictments suggest that North Korea employs between 6,000 and 8,400 personnel in cyber operations, spanning offensive hacking, malware development, social engineering, infrastructure, and money laundering[3]. Taking the middle at a 7,000-person organization and a generous overseas compensation estimate of $50,000 per operator (well above reported wages paid to North Korean workers abroad) annual salary expense totals approximately $350 million.
Subtracting these costs yields operating profit of roughly $1.17 billion, implying an operating margin of approximately 58%. That margin would place Lazarus Inc. among the most profitable software companies in the world.
Operating margin, placing Lazarus Inc. among the most profitable software companies in the world.
Rule of 40
In SaaS circles, there is a metric called the Rule of 40 that is used to aid in valuing a company. The Rule of 40 is simply the growth rate (51%) added to the profit margin (58%). Companies that clear the 40% threshold command premium valuations, often 2-3x higher than their peers.
For Lazarus Group, we are looking at 109% for this metric which is nearly unheard of. As of Q2 2025, the median Rule of 40 score across tracked SaaS companies sits at just 23%. Only 13% of public SaaS companies exceed the 40% threshold. Ironically, their only peer in this rarefied air is Palantir, which reported a similar Rule of 40 score of 114% in Q3 2025.
Competitive Moat
When valuing a startup, investors must take into account the defensibility of the business, factoring in network effects, switching costs, distribution channels, and proprietary data.
Lazarus Inc. is again, exceptional in this regard as they have the full backing of a nuclear-armed nation-state. They face zero risk of extradition, no regulatory oversight, and their "market" (unsecured crypto wallets) is global.
Their customer acquisition cost (CAC) is effectively zero, as their "marketing" consists of spear-phishing campaigns that cost pennies. Their talent retention is ridiculously strong as operators cannot defect to America to go and work at Meta for 100 million dollars.
The Valuation
So, what is their market cap?
If we apply the exuberant 100x revenue multiple that the market currently grants to Palantir, Lazarus Inc. would command a valuation of $200 billion.
This would make this clandestine cybercrime ring more valuable than Intel, Goldman Sachs, Anthropic, or Boeing.
However a prudent investor would discount this valuation for risk. Unlike a legitimate SaaS business, Lazarus Inc.'s revenue is not "recurring" in the traditional sense, it is transactional and lumpy. If we instead price it like a high-risk, high-yield private equity asset we would look at a more reasonable 15x multiple on EBITDA ($1.17B), the valuation comes down to $17.5 billion.
All-in-all, considering the gigantic competitive advantages when it comes to retaining talent and compiling proprietary data, the regulatory capture, and the lack of competitive dynamics, I'd estimate the valuation of Lazarus Inc. to be around $30 billion.
Estimated valuation of Lazarus Inc., roughly the same as Anduril and four times the valuation of Lyft.
The Asymmetry of Cybersecurity
Cybersecurity companies operate under regulatory oversight, civil liability, procurement friction, and relentless margin pressure. Their adversaries do not. In this case, the adversary is more profitable, growing faster, and operating with state backing.
In a world where hostile state-sponsored actors can operate profitably with higher margins than most firms, you know the chips are stacked against you.
[1] https://www.chainalysis.com/blog/2025-crypto-crime-mid-year-update/ ↩
[2] https://thehackernews.com/2023/12/beware-scam-as-service-aiding.html ↩
[3] https://thecyberexpress.com/north-korea-has-a-cyber-army-of-8400-hackers/ ↩
[4] https://blossomstreetventures.medium.com/q4-2024-rule-of-40-data-in-public-saas-d8a7d829ae16 ↩
[5] https://www.blossomstreetventures.com/saas-metric/annual-rule-of-40 ↩