North Korean hackers have hit an infernal milestone of stealing $2.02 billion of crypto in 2025, which is nearly 60% of the total $3.4 billion reported crypto thefts this year. According to Chainalysis, the rogue state has stolen a total of $6.75 billion in cryptocurrency since records began — at least in known value. The biggest loss of the year was the $1.5 billion ByBit hack, with the FBI saying that it was executed by actors from the Democratic People’s Republic of Korea (DPRK), accounting for almost 75% of the amount stolen by the country.
The DPRK is using operations like this to fund its coffers, especially as it still reels from international sanctions. One of North Korea’s techniques for breaking into crypto systems is to have its operatives pose as IT professionals and embed them among the employees of its potential targets. Aside from making money for the regime, like the infiltrator who was caught by Amazon because of the latency of their keystrokes, they also prepare the way for the attack, gaining privileged access and looking for vulnerabilities.
The DPRK has also started posting fake crypto jobs that require applicants to unknowingly install malware on their systems that exfiltrates data from the target, including credentials, source code, and SSO access, among others, from their current employer. Alongside this, DPRK hackers are also targeting senior executives with purported buyout offers. They then use their supposed due diligence actions to scan for security weaknesses and system information to compromise their wallets.
Despite this, it seems that decentralized finance protocol losses due to hacks are falling compared to the total value stored on the blockchain. Chainalysis explained that this is likely due to platforms implementing more robust security, with attackers preferring softer targets like exchanges, custodians, and even personal wallets. Nevertheless, the sophistication of North Korean hackers means that even though they’re executing fewer attacks, these can be far more damaging, resulting in larger losses, which goes against the trend of more victims losing smaller amounts from other bad actors. We saw this with its 2025 performance, where its hackers stole 51% more despite having 74% fewer known attacks, so institutions must remain vigilant as the DPRK is seemingly looking for bigger targets in the coming year.
Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.