North Korean Hackers Stole $2 Billion in Cryptocurrency in 2025, Report Finds
In 2025, DPRK-linked hackers have stolen $2.02 billion in cryptocurrency, accounting for 59% of the total crypto thefts this year, which amount to $3.4 billion so far. This marks a 51% increase from 2024 and represents the largest year on record for North Korean-related crypto theft.
A notable incident contributing to this figure is the February 2025 Bybit attack, which involved approximately $1.5 billion stolen. Analysts note that while the total number of attacks declined, the damage inflicted per incident by DPRK hackers has grown significantly.
According to Chainalysis, North Korean attackers follow a three-wave, 45-day laundering pattern. Their techniques include utilizing Chinese-language services, cross-chain asset bridging, and crypto mixing to launder stolen assets.
There has been a shift in attack methods, with malicious actors hired by cryptocurrency companies gaining privileged access before executing thefts. Binance reports highlight attempts by DPRK attackers to infiltrate major exchanges through employment, employing sophisticated tactics like AI-generated live video and voice interactions during recruitment processes to deceive interviewers.
Additionally, DPRK hackers have compromised projects by poisoning NPM packages and public code libraries, emphasizing the importance of thorough software-library audits to prevent infiltration.
Chainalysis warns of a challenging outlook for 2026, predicting difficulties in detecting and preventing high-impact DPRK operations. Despite a 74% decrease in known attacks in 2025, North Korean hackers achieved record levels of cryptocurrency theft this year.
