North Korean state-sponsored hackers stole a record $2.02 billion in cryptocurrency throughout 2025, marking a 51% surge from the previous year and elevating their all-time total to $6.75 billion, according to a new report from blockchain analytics firm Chainalysis.
This haul represents over 59% of the $3.4 billion in total crypto thefts recorded globally in 2025, highlighting the Democratic People’s Republic of Korea’s (DPRK) dominance in large-scale cybercrimes targeting the industry.The spike came despite fewer confirmed incidents, underscoring a strategic pivot toward high-impact attacks on major centralized exchanges.
DPRK-linked groups accounted for 76% of all service-level compromises in the crypto sector this year—the highest share ever recorded. More than two-thirds of the stolen funds stemmed from just three massive hacks, with the largest being a $1.5 billion breach of the Bybit exchange in February, the biggest single crypto theft in history.
Other notable incidents included attacks on smaller platforms, though specifics remain limited in public reports; for instance, Chainalysis’s mid-year update noted DPRK actors’ focus on exploiting vulnerabilities in centralized services for maximum yield.Unlike typical cybercriminals who spread operations across frequent, smaller hits, North Korean hackers prioritize “maximum impact” by zeroing in on large centralized services.
Their laundering techniques further set them apart: Funds are broken into tranches under $500,000 to evade detection, relying heavily on Chinese-language guarantee services, over-the-counter brokers, bridges, and mixing services.
They largely steer clear of decentralized finance (DeFi) lending protocols, exchanges, and peer-to-peer platforms popular among other hackers, suggesting reliance on regional networks amid global sanctions.
Adding a modern twist, reports indicate North Korea is leveraging artificial intelligence to enhance its operations. “North Korea facilitates the laundering of their crypto heists with consistency and fluidity indicative of the use of AI,” Andrew Fierman, head of national security intelligence at Chainalysis, told CoinDesk.
This involves streamlined workflows combining mixers, DeFi protocols, and bridges to convert assets efficiently, supported by a vast laundering network likely automated through AI tools.The 2025 figures build on a pattern of escalation: In 2024, DPRK hackers stole about $1.34 billion, per Chainalysis estimates derived from the 51% year-over-year growth.
Historical data shows consistent targeting of crypto to fund state programs, bypassing international sanctions. As the year closes, experts warn that evolving tactics, including AI integration, could amplify future threats to the burgeoning digital asset ecosystem.
Signpost News is an Imphal-based media house that focuses on delivering news and views from Northeast India and beyond.
Signpost NewsDesk
View More PostsSignpost News is an Imphal-based media house that focuses on delivering news and views from Northeast India and beyond.
