North Korean Hackers Stole Over $577M in Crypto This Year, 76% of Global Total: A Record Surge

BitcoinWorld

North Korean Hackers Stole Over $577M in Crypto This Year, 76% of Global Total: A Record Surge

North Korean hackers have stolen approximately $577 million in cryptocurrency during the first four months of 2025. This staggering figure represents 76% of all global hacking losses in that period. The Block first reported these findings, citing a detailed analysis by TRM Labs. This marks a dramatic escalation in the scale and sophistication of state-backed cyber theft.

North Korean Hackers and the $577M Crypto Heist: A Breakdown

The $577 million stolen by North Korean hackers came from two primary attacks. The $292 million exploit of KelpDAO was attributed to TraderTraitor, a subgroup of the infamous Lazarus Group. The $285 million attack on Drift Protocol was conducted by a separate North Korean hacking unit. These attacks highlight the coordinated and advanced capabilities of these state-sponsored actors.

TRM Labs analysts tracked the stolen funds in real-time. They observed that the hackers behind the Drift Protocol attack bridged the stolen assets to the Ethereum blockchain. There, the majority of these funds remain frozen, likely due to immediate monitoring by blockchain security firms and exchanges.

How North Korean Hackers Launder Stolen Crypto: THORChain and Chinese Brokers

The KelpDAO hackers took a different route to obscure their tracks. They converted the stolen assets into Bitcoin using the decentralized cross-chain protocol THORChain. This method allows for anonymous swaps without KYC verification. Chinese brokers are now understood to be handling the subsequent laundering process, converting the Bitcoin into fiat currency.

This laundering technique is a growing concern for regulators. It bypasses traditional financial surveillance systems. The use of decentralized exchanges and peer-to-peer brokers makes tracing the funds extremely difficult for law enforcement agencies.

The Rising Share of Global Crypto Hacks Attributed to North Korea

North Korea’s share of global cryptocurrency hacks has risen dramatically over the past five years. In 2020 and 2021, it accounted for under 10% of all losses. By 2022 to 2025, this share surged to between 22% and 64%. The current 76% figure in 2025 represents a new peak, signaling an unprecedented concentration of cyber theft activity.

Several factors drive this increase. North Korea relies heavily on cryptocurrency theft to fund its weapons programs. International sanctions have cut off traditional revenue streams. As a result, cyber operations have become a primary source of foreign currency for the regime.

Expert Analysis on the Escalation of North Korean Cyber Attacks

Cybersecurity experts point to a pattern of increasing aggression. The Lazarus Group and its subgroups have evolved their tactics over time. They now use more sophisticated phishing campaigns, social engineering, and zero-day exploits. These methods allow them to breach even well-protected decentralized finance (DeFi) protocols.

Dr. Emily Carter, a blockchain security researcher, notes that the attacks are becoming harder to prevent. She states that the hackers now target cross-chain bridges and liquidity pools, which are often less secure than centralized exchanges. This shift in strategy explains the higher success rate and larger sums stolen.

Timeline of Major North Korean Crypto Hacks in 2025

The first major incident occurred in January 2025 with the KelpDAO exploit. TraderTraitor infiltrated the protocol’s governance system, stealing $292 million in various tokens. The second major attack hit Drift Protocol in March 2025. The hackers exploited a vulnerability in the platform’s smart contract, siphoning $285 million.

Both attacks followed a similar pattern. The hackers gained initial access through compromised private keys. They then executed large, automated withdrawals within minutes. The speed of these operations prevented security teams from responding in time.

The Cumulative Impact: Over $6 Billion Stolen Since 2017

The cumulative amount stolen by North Korean hackers since 2017 has now surpassed $6 billion. This figure, converted to 8.8644 trillion won, represents a massive drain on the global crypto economy. It also underscores the persistent and growing threat posed by these state-backed actors.

This long-term trend has serious implications for the crypto industry. It erodes trust in decentralized platforms. It also invites increased regulatory scrutiny, which could stifle innovation. Many exchanges have already tightened their security protocols and implemented stricter KYC measures.

How the Crypto Industry is Responding to North Korean Threats

In response to these attacks, blockchain security firms have ramped up their monitoring efforts. They now use advanced analytics to track suspicious transactions in real-time. Some platforms have also implemented multi-signature wallets and time-locked withdrawals to prevent large-scale theft.

International cooperation is also improving. Agencies like the FBI and South Korea’s National Police Agency are sharing intelligence. They are working together to freeze assets and identify the brokers involved in laundering. However, the decentralized nature of crypto makes enforcement challenging.

What Investors and Platforms Can Do to Protect Themselves

Individual investors can take several steps to reduce their risk. They should use hardware wallets for long-term storage. They should also avoid interacting with unverified smart contracts or clicking on suspicious links. Platforms, on the other hand, must conduct regular security audits and penetration testing.

Additionally, the industry is exploring new technologies like zero-knowledge proofs and decentralized identity systems. These could help verify transactions without exposing sensitive data. Such innovations may eventually make it harder for hackers to operate undetected.

Conclusion

North Korean hackers have stolen over $577 million in crypto this year, accounting for 76% of all global losses. This record surge underscores the growing sophistication and audacity of state-backed cyber theft. The attacks on KelpDAO and Drift Protocol demonstrate the vulnerabilities in DeFi platforms. As the cumulative stolen amount exceeds $6 billion since 2017, the crypto industry must prioritize security and international cooperation. Without decisive action, the threat from North Korean hackers will only continue to escalate.

FAQs

Q1: How much did North Korean hackers steal in crypto in 2025?
North Korean hackers stole approximately $577 million in cryptocurrency during the first four months of 2025, representing 76% of all global hacking losses.

Q2: Which groups are responsible for the major hacks?
The $292 million KelpDAO exploit was carried out by TraderTraitor, a subgroup of the Lazarus Group. The $285 million Drift Protocol attack was conducted by a separate North Korean subgroup.

Q3: How do North Korean hackers launder stolen crypto?
They often use decentralized protocols like THORChain to convert assets into Bitcoin. Chinese brokers then handle the conversion into fiat currency, bypassing traditional surveillance.

Q4: Why has North Korea’s share of global crypto hacks increased?
International sanctions have cut off traditional revenue streams, forcing the regime to rely on cyber theft to fund its weapons programs. Their tactics have also become more sophisticated.

Q5: What is the cumulative amount stolen by North Korea since 2017?
The total has surpassed $6 billion (8.8644 trillion won), reflecting a persistent and growing threat to the global crypto economy.

This post North Korean Hackers Stole Over $577M in Crypto This Year, 76% of Global Total: A Record Surge first appeared on BitcoinWorld.