North Korean hackers shatter records, steal $2.02 billion in crypto in 2025

North Korean hackers, the cyber attackers sponsored by the rogue regime, have swiped over $2.02 billion in crypto since January. This has pushed the Democratic People’s Republic of Korea’s (DPRK) all-time haul to over $6 billion.

According to the Chainalysis report, hackers stole $681 million more in 2024, representing a 51% year-over-year increase. This brought the total identified haul from crypto theft since 2016 to $6.75 billion. 

North Korea hackers shift their strategy to fewer but larger attacks

The report revealed that the hackers have changed their strategy to fewer but dramatically larger attacks, underpinned by March’s $1.4 billion hack of Bybit. They have achieved these results by embedding IT workers inside crypto services to gain privileged access and enable high‑impact compromises. 

North Korean groups mainly target large, centralized crypto services, aiming for maximum impact rather than frequency. DPRK-linked actors were responsible for 76% of all service-level compromises in 2025, the most ever recorded.

DPRK actors have demonstrated consistency in working with smaller tranches below $500,000, rather than distributing stolen funds in large on-chain transfers in the $1M to $10M+ range, unlike other hackers. This is a sign of increasingly sophisticated operational security.

Analysis of post-hack activity reveals a consistent pattern in how these events are associated with the movement of stolen funds throughout the crypto ecosystem. Following major theft events between 2022 and 2025, stolen funds follow a structured, multi-wave laundering pathway that unfolds over approximately 45 days. This is a widow that the law enforcers can use to intercept.

Additionally, DPRK-linked wallets rely heavily on Chinese-language guarantee services, brokers, and over-the-counter networks, and extensive use of bridges and mixing services. They largely avoid the DeFi lending protocols, decentralized exchanges, and peer-to-peer platforms favored by other criminals. 

This year, North Korea has used AI in its hacking efforts. They integrate large language models into nearly every stage of their attacks: reconnaissance, phishing, code analysis, and laundering the proceeds.

Personal wallet comprises a decline of over 50%

Overall, the cryptocurrency industry experienced over $3.4 billion in theft from January to early December 2025. Total theft incidents surged to 158,000 in 2025, nearly triple the 54,000 recorded in 2022. 

The number of new and unique victims increased from 40,000 in 2022 to at least 80,000 in 2025. This rise is likely due to greater crypto adoption. For instance, Solana, one of the blockchains with the greatest number of active personal wallets, was at the lead with 26,500 victims.

When measuring crime rates per 100K wallets in 2025, Ethereum and Tron show the highest rates of theft. Ethereum’s large size is reflected in both high rates of theft and a high victim count. On the other hand, although it has a smaller active wallet base, Tron’s position shows an elevated rate of theft.

Personal wallet compromises surged from just 7.3% of total stolen value in 2022 to 44% in 2024. In 2025, they now account for 20% of all value stolen. The total amount stolen from individual victims declined from 2024’s peak of $1.5 billion to $713 million in 2025. However, the share would have been 37% if it weren’t for the outsized impact of the Bybit attack.

Centralized services have experienced large losses due to private key compromises. These platforms remain vulnerable because of this security challenge. While such compromises are rare, their scale still drives a significant share of stolen volumes when they do occur. For instance, they accounted for 88% of losses in Q1 2025.

For the first time, the ratio between the largest hack and the middle of all cases has exceeded 1,000 times. The amount of money stolen in the biggest attacks is now 1,000 times more than in the average case. It’s even more than the bull market peak in 2021. The top three hacks in 2025 account for 69% of all service losses.

Get seen where it counts. Advertise in Cryptopolitan Research and reach crypto’s sharpest investors and builders.