North Korean Crypto Thefts Hit Record $2B in 2025: Chainalysis

- North Korean hackers stole over $2B in 2025 as attacks fell, but insider-led heists surged.
- Chainalysis found DPRK actors accounted for 76% of major exchange and platform hacks.
- Hackers now infiltrate crypto firms as insiders, replacing frequent external attack methods.
North Korean crypto heists reached record levels in 2025 as hackers shifted toward insider infiltration and high-impact attacks. New data shows fewer operations but far larger losses, exposing bigger risks for exchanges and DeFi platforms worldwide.
Blockchain analytics firm Chainalysis reported that North Korean actors stole more than $2 billion in crypto this year. That figure marks a 51% increase compared with 2024 and the highest annual total recorded. The latest haul pushed North Korea’s cumulative crypto theft since 2016 to about $6.7 billion. Authorities track these proceeds as a major funding source for the isolated state.
However, the rise did not come from more frequent hacks. Instead, Chainalysis observed a sharp decline in the number of attacks carried out during 2025. Total attack counts linked to North Korea fell by 74% year over year. Despite that drop, average theft sizes surged to unprecedented levels.
Chainalysis said North Korean hackers now focus on large centralized services, aiming for maximum impact rather than repeated smaller breaches.
Bigger Attacks, Fewer Targets
In 2025, North Korean groups executed some of the largest crypto hacks ever recorded. The biggest single incident dwarfed typical industry losses. Chainalysis found that the largest North Korean hack this year was 1,000 times bigger than an average crypto theft. The scale gap highlights the strategic shift.
The most notable case involved the February breach of Bybit. Investigators linked the attack to North Korean operatives. That single incident drained about $1.5 billion from the exchange. The theft represented nearly three-quarters of North Korea’s total crypto haul for 2025.
Meanwhile, other criminal groups continued targeting DeFi protocols and personal wallets. Their attacks produced smaller but more frequent losses.
North Korean hackers instead concentrated on exchanges and custodial platforms. These services hold deep liquidity and centralized access points. As a result, DPRK-linked actors accounted for 76% of all major exchange and platform hacks in 2025. That share marked the highest level ever recorded.
Infiltration Replaces External Hacking
Chainalysis reported that North Korean operatives increasingly embed IT workers inside crypto companies. These insiders gain privileged access over time. Some operatives apply directly for remote roles using fake identities. Others operate through stolen or rented credentials.
Pablo Sabbatella of the cyber group SEAL described the scale of the problem. He said up to 40% of job applications at crypto firms may involve DPRK operatives.
In addition, hackers now impersonate recruiters rather than job seekers. They pose as hiring managers for crypto and AI firms and run mock hiring processes. The goal is to steal credentials, internal code, and VPN access. According to Chainalysis, collaborators receive 20% of earnings. North Korean handlers keep the remaining 80%.
Executives also face tailored social engineering attempts. Attackers pose as investors or acquisition partners to gain internal access. Chris Wong of TRM Labs said the issue extends beyond standard cybersecurity. He described it as a persistent national security threat.
Chainalysis also confirmed growing use of artificial intelligence. Hackers apply large language models during reconnaissance, phishing, and laundering stages.
Across the wider industry, crypto theft topped $3.4 billion in 2025. Incident counts nearly tripled compared with 2022.
Despite rising losses, personal wallet theft declined by over 50%. Exchange breaches now dominate total damage. Ethereum and Tron recorded the highest theft rates per wallet. Solana led in victim counts due to its large user base.



