North Korea’s Crypto Heist: $2B Stolen, Funding Nukes? Compliance Scrambles!

North Korean hackers now dominate crypto theft — and compliance is racing to catch up

According to CertiK, Chainalysis, and Elliptic, hackers linked to North Korea were responsible for roughly 60% of the $3.4 billion in cryptocurrency stolen in 2023, totaling an estimated $2.02 billion.

Summary

  • A handful of mega‑hacks like Bybit’s record $1.46B–$1.5B breach drove 2025 losses, even as the total number of DPRK incidents fell compared with previous years.
  • Investigators warn stolen crypto likely funds North Korea’s nuclear and missile programs, spurring a compliance arms race in screening, freezing and tracing tainted assets.

According to blockchain security firm CertiK, hacking groups connected to North Korea were behind approximately 60% of all cryptocurrency stolen in 2025, making the country the biggest threat in the crypto world. This aligns with findings from companies like Chainalysis, which estimate North Korea stole around $2.02 billion in digital assets last year, out of a total of $3.4 billion stolen globally.

According to a recent Chainalysis report, also covered by outlets such as Fortune and the Korea Herald, approximately $3.4 billion worth of cryptocurrency was stolen globally in 2025. Almost 60% of that is attributed to operations linked to North Korea. Chainalysis estimates that North Korean hackers stole at least $2.02 billion in crypto last year, a 51% increase from the previous year, bringing the total stolen by the regime to around $6.75 billion. This increase came despite a decrease in the overall number of confirmed hacking incidents. Similar analysis by Elliptic shows North Korea-linked groups had already stolen over $2 billion in crypto by early October 2025, before a final surge of attacks.

Crypto heists are becoming fewer in number but much larger in scale. The Bybit hack in February, estimated at $1.46 to $1.5 billion, was the biggest crypto theft ever recorded, and U.S. officials quickly blamed North Korean hackers. Other attacks in 2023 linked to North Korean groups targeted platforms like LND.fi, WOO X, and Seedify, alongside numerous smaller breaches and scams. Overall, researchers estimate that North Korean hackers stole between just over half and 60% of all crypto taken from centralized services and DeFi platforms last year, depending on which incidents are included in the calculations.

North Korean hacking groups are changing their tactics. Instead of running mass phishing campaigns or trying to force their way into systems, they’re now more likely to place IT workers directly inside cryptocurrency exchanges, storage companies, and Web3 businesses, which gives them privileged access to steal funds. According to Chainalysis and Elliptic, this approach allows North Korea to steal larger amounts of money with fewer attacks. The groups are also breaking up stolen funds into smaller amounts (often under $500,000 per transaction) to make the money harder to trace, a change from the larger, million-dollar transfers they used in the past.

The theft of these digital assets isn’t just a financial crime; it has significant international implications. The United Nations and various governments believe North Korea is using the stolen funds to finance its weapons programs, with the proceeds potentially amounting to as much as 13% of its entire economic output in 2025. This is why security companies like CertiK see this as a major, state-sponsored threat that goes far beyond typical hacking incidents. They argue that exchanges, DeFi platforms, and even digital wallets urgently need advanced tools to monitor transactions, identify risky addresses, and analyze user behavior so that these funds cannot be used for illicit purposes.

According to Tom’s Hardware, the staggering loss of $2.02 billion to crypto theft – almost 60% of all such losses in 2025 – highlights major security flaws and policy gaps. This massive amount of stolen funds is prompting regulators to investigate the causes of these hacks, the speed at which assets are frozen after a breach, and whether current identity verification and anti-money laundering procedures are sufficient to protect against attacks, especially from well-resourced nations targeting vulnerable platforms.


2026-05-12 17:00