TLDR
- North Korea stole $2.17 billion in crypto in the first half of 2025.
- Bybit lost $1.5 billion in Ethereum in the largest single crypto theft.
- Hackers quickly move stolen funds through multiple laundering channels, such as mixers and bridges.
- DPRK cyber attacks target exchanges, AI, blockchain, and defense sectors.
North Korean hackers have carried out unprecedented cryptocurrency thefts in 2025, targeting major global exchanges. Analysts report the regime stole billions, including nearly $1.5 billion from Bybit. These attacks demonstrate the country’s growing capability in cybercrime and digital asset laundering. Authorities and security firms warn that North Korea continues to refine its methods, making cryptocurrency a key revenue source amid international sanctions.
Record-Breaking Crypto Thefts
According to blockchain analytics firm Chainalysis, North Korean hacker groups stole more than $2.17 billion in crypto during the first half of 2025. This exceeds the total amount stolen in all of 2024.
North Korean hackers stole over $2.17B in crypto in 2025, including nearly $1.5B in #Ethereum from Bybit, marking the largest single crypto hack.
The breach highlights growing threats in the #crypto space.
How can security measures evolve to prevent such massive thefts?
— Crypto Hawk (@CryptoKelvin12) December 29, 2025
The largest theft occurred on February 21, when Bybit lost nearly $1.5 billion in Ethereum. Smaller attacks, including a $37 million hack of South Korean exchange Upbit, followed throughout the year. These incidents mark the highest level of crypto theft linked to North Korea to date.
Evolving Hacking Tactics
North Korean hackers, including the Lazarus group, have adapted their strategies to bypass security measures. Chainalysis noted the use of coordinated supply-chain attacks targeting third-party service providers and fund custodians.
Hackers have also infiltrated companies in AI, blockchain, and defense sectors under false identities. These operations allow them to access sensitive systems and cryptocurrency reserves. Andrew Fierman, head of national security intelligence at Chainalysis, said, “North Korea will always seek new vectors to steal funds on behalf of the regime, whether through fiat or crypto.”
Complex Laundering Networks
The laundering of stolen cryptocurrency has grown more complex. Hackers use mixing services, over-the-counter brokers, token swaps, decentralized exchanges, and bridges to hide transactions.
Fierman added that North Korean groups now run multiple large-scale laundering channels simultaneously. This rapid and coordinated approach makes tracing stolen funds difficult and allows hackers to conceal their activity across jurisdictions.
Preventive Measures for Exchanges
Experts recommend stricter due diligence to reduce the risk of North Korean infiltration. Measures include video interviews, stricter identity verification, IP and geolocation monitoring, and limiting opaque payment methods such as crypto.
“Close collaboration between platforms, private-sector, and law enforcement is critical,” Fierman said. “When intelligence is shared quickly, illicit actors will have fewer opportunities to deploy their tactics.” Enhanced monitoring and verification can help exchanges detect fraudulent actors before they gain access.
The surge in North Korean cyber thefts demonstrates how cryptocurrency continues to serve as a revenue source for sanctioned regimes. Analysts stress the need for industry-wide coordination to limit the success of these operations while tracking the flow of illicit funds.





