CertiK, Chainalysis, and Elliptic all say North Korean state-linked hacking groups were behind nearly 60% of the roughly $3.4 billion stolen from the crypto industry in 2025, making the DPRK the dominant force in digital asset theft.
Summary
North Korean hackers reportedly stole around $2.02 billion in crypto during 2025, accounting for nearly 60% of global thefts.
Massive breaches such as the record-breaking Bybit hack drove most of the losses despite fewer total incidents.
Investigators believe the stolen funds may support North Korea’s missile and nuclear programs, intensifying pressure on crypto compliance systems.
According to findings from Chainalysis and other security firms, DPRK-linked groups stole an estimated $2.02 billion in digital assets during 2025, marking a sharp increase from previous years. Reports suggest North Korea’s cumulative crypto thefts have now reached roughly $6.75 billion overall.
Mega hacks now define the threat landscape
Researchers say the 2025 losses were driven less by frequent small attacks and more by a handful of extremely large breaches. The most notable example was the hack involving Bybit, which resulted in estimated losses between $1.46 billion and $1.5 billion, making it the largest crypto theft recorded so far.
Other attacks reportedly tied to DPRK-linked groups targeted platforms including WOO X, Seedify, and LND.fi, alongside numerous smaller wallet-draining operations and service breaches.
Investigators say North Korean cyber operations have also evolved significantly. Instead of relying mainly on phishing scams or direct protocol exploits, hacking groups are now increasingly infiltrating crypto companies by placing IT workers and insiders within exchanges, custodians, and Web3 firms to gain privileged access.
Laundering methods becoming more sophisticated
Chainalysis noted that North Korean actors are achieving larger thefts through fewer incidents while laundering funds in smaller batches below $500,000 per transaction. This marks a shift away from the large one-time transfers that previously characterized state-sponsored laundering activity.
Security firms warn that these evolving tactics are fueling a growing compliance arms race across the industry. Exchanges, DeFi protocols, and wallet providers are now rapidly expanding blockchain monitoring systems, transaction screening, behavioral analytics, and asset-freezing capabilities to prevent tainted funds from moving through the ecosystem.
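As an added illustration (not code from Chainalysis, CertiK, Elliptic or any exchange), the Python example below shows one behavioral rule for the batching pattern described above: it follows funds forward from a known theft address and flags any downstream address that sends several transfers below the $500,000 ceiling within a short window. The $500,000 figure comes from the article; the hop limit, time window, batch count, aggregate floor and every address in the sample ledger are assumptions constructed for the example.

```python
from collections import defaultdict

BATCH_CAP_USD = 500_000     # per-transfer ceiling cited in the article
MIN_BATCHES = 3             # assumption: sub-cap transfers needed to alert
MIN_TOTAL_USD = 1_000_000   # assumption: aggregate floor inside the window
WINDOW_SECS = 24 * 3600     # assumption: look-back window
MAX_HOPS = 3                # assumption: how far to follow tainted funds

def taint_map(transfers, seeds):
    """addr -> (time first tainted, hops from a seed); one chronological pass."""
    tainted = {s: (0, 0) for s in seeds}
    for ts, src, dst, _usd in sorted(transfers):
        if src in tainted and dst not in tainted and tainted[src][1] < MAX_HOPS:
            tainted[dst] = (ts, tainted[src][1] + 1)
    return tainted

def flag_structuring(transfers, seeds):
    """Return {address: largest in-window sum of sub-cap outflows} for alerts."""
    tainted = taint_map(transfers, seeds)
    outflows = defaultdict(list)
    for ts, src, _dst, usd in sorted(transfers):
        # Only count sub-cap sends made after the sender received tainted funds.
        if src in tainted and ts >= tainted[src][0] and usd < BATCH_CAP_USD:
            outflows[src].append((ts, usd))
    alerts = {}
    for src, rows in outflows.items():
        lo = total = 0
        for hi, (ts, usd) in enumerate(rows):
            total += usd
            while ts - rows[lo][0] > WINDOW_SECS:   # slide the window forward
                total -= rows[lo][1]
                lo += 1
            if hi - lo + 1 >= MIN_BATCHES and total >= MIN_TOTAL_USD:
                alerts[src] = max(alerts.get(src, 0), total)
    return alerts

# Constructed sample ledger: (unix_ts, sender, receiver, usd_value)
SAMPLE = [
    (1000, "theft_wallet", "hop1", 2_400_000),
    (2000, "hop1", "a", 480_000), (2600, "hop1", "b", 495_000),
    (3200, "hop1", "c", 450_000), (4000, "hop1", "d", 470_000),
    (1500, "exchange_hot", "u1", 300_000), (1600, "exchange_hot", "u2", 350_000),
    (1700, "exchange_hot", "u3", 400_000),   # untainted source: ignored
    (5000, "a", "x", 200_000),               # tainted, but a single small send
]

if __name__ == "__main__":
    print(flag_structuring(SAMPLE, {"theft_wallet"}))
```

The untainted exchange wallet in the sample sends the same shape of sub-cap transfers but is not flagged, which is why the rule is gated on provenance rather than on amounts alone.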
Concerns extend beyond crypto markets
The geopolitical implications remain one of the biggest concerns for regulators and governments worldwide. The United Nations and several international agencies believe stolen crypto assets may be helping finance North Korea’s nuclear weapons and ballistic missile programs. Some estimates suggest the 2025 haul alone could equal roughly 13% of the country’s GDP.
Because of that, firms like CertiK describe the situation as a “nation-state level” security challenge rather than a conventional cybercrime problem.
The surge in state-linked thefts is also prompting regulators to intensify scrutiny around KYC and AML systems, while questioning whether current compliance frameworks are capable of handling increasingly sophisticated crypto laundering networks.



