North Korea Linked to Over Half of 2025 Crypto Heist Losses

TRM has published new research showing that North Korea-linked actors were responsible for more than half of the US$2.7 billion stolen in cryptocurrency hacks in 2025, marking the regime as the single most dominant and sophisticated threat actor in the crypto theft ecosystem.

For years, North Korea has used crypto theft to fund weapons proliferation, evade sanctions, and pursue destabilising activities.

Notably, high-value heists in 2023–2025 have shifted from exploiting smart-contract flaws to targeting the operational infrastructure of exchanges and custodial services. Single points of failure in these systems allow access to large sums.

TRM attributes several major incidents to the regime, including Atomic Wallet, CoinsPaid, Alphapo, Stake.com, CoinEx, and the February 2025 Bybit exploit.

North Korean operators typically gain entry through social engineering.

They use fake job offers or investment pitches to compromise developer systems and extract wallet keys.

Once assets are stolen, they are laundered through a complex network known as the “Chinese Laundromat.”

This network comprises brokers, money transmitters, and trade-based intermediaries.

TRM notes that this process now occurs end-to-end with Chinese actors.

Funds move across chains, exchanges, and jurisdictions, often converting into stablecoins such as USDT on Tron before settlement in yuan, goods, or payments to North Korean front companies.

Therefore, for exchanges and financial institutions, this evolution collapses traditional silos between cybersecurity and AML.

Static blocklists are insufficient; effective detection requires monitoring cross-chain flows and nested service counterparts, while pairing hardware-secured key storage with tiered withdrawal policies and privileged-access segmentation.

Overall, North Korea’s operations reflect the industrialisation of crypto theft.

They blend cyber activity, intelligence support, and outsourced laundering to create a state-directed revenue system.

As stablecoins and crypto payments grow, tracing stolen assets becomes increasingly complex.

This highlights the need for coordinated, cross-border measures to counter these structured, high-volume operations.

Featured image credit: Edited by Fintech News Hong Kong, based on image by aukid via Freepik

The post North Korea Linked to Over Half of 2025 Crypto Heist Losses appeared first on Fintech Hong Kong.