North Korean state-sponsored hackers have shattered their own records once more, pocketing a staggering $2.02 billion in cryptocurrency throughout 2025 – the industry’s most lucrative year yet for Pyongyang’s digital operatives.
This haul, detailed in a fresh report from blockchain analytics firm Chainalysis, marks a 51% jump from last year and pushes their cumulative thefts since tracking began to $6.75 billion.
The ripple effects across the crypto world are hard to ignore, with total industry thefts climbing to $3.4 billion – a figure dominated by North Korean exploits that now account for nearly 60% of all losses.
One can’t help but note the timing: as digital assets soar in value and adoption, the regime’s hackers seem to thrive on the very growth meant to democratize finance.
Experts point out that these funds likely bolster North Korea’s nuclear and missile programs, turning volatile tokens into very real geopolitical fuel.
Meanwhile, the industry’s push toward becoming the “crypto capital” under new policies finds itself awkwardly sharing the spotlight with these record-breaking breaches.
Chainalysis released its latest findings this week, confirming that North Korea-affiliated groups stole over $2.02 billion from January through early December.
That’s more than half again what they managed in 2024, achieved with notably fewer attacks – suggesting a shift to quality over quantity in their operations.
The crown jewel was February’s breach of Dubai-based exchange Bybit, where hackers linked to the notorious Lazarus Group made off with $1.5 billion, mostly in Ethereum.
This single event, the largest in crypto history, accounted for a hefty chunk of the year’s totals and highlighted how one well-executed strike can redefine annual statistics.
U.S. officials, including the FBI, quickly attributed the Bybit incident to North Korea, part of a pattern dating back years.
Since 2016, these thefts have amassed $6.75 billion, a sum that underscores crypto’s unfortunate appeal as a 24/7 global target.
Andrew Fierman, Chainalysis’s head of national security intelligence, noted the regime’s patience in selecting vulnerabilities amid the sector’s expansion.
Hackers have grown savvier, embedding fake IT workers in crypto firms or using executive impersonation to gain insider access.
Laundering has become an art form too, with funds shuffled across wallets, blockchains, and DeFi protocols in structured waves – often in smaller batches to evade detection.
Former prosecutor Eun Young Choi described crypto heists as the “easiest way” for the regime to generate revenue under heavy sanctions.
As asset prices climbed this year, so did opportunities, turning market enthusiasm into unintended openings for state actors.
Senator Elizabeth Warren recently urged investigations into how illicit players, including North Korean groups, exploit DeFi to move funds.
Her concerns arrive as the industry celebrates policy wins aimed at fostering U.S. leadership in crypto.
Yet Chainalysis warns that greater adoption may simply hand more targets to these patient operators.
Fewer incidents but massive payoffs paint a picture of efficiency that’s as impressive as it is alarming.
The global crypto community now grapples with fortified defenses while North Korea quietly cashes in on the boom it helped fuel.
Leave a Reply