Key Takeaways
- North Korea has amassed over $6.7bn in crypto after targeting the industry over the past decade
- The country has stolen a record $2bn+ in 2025, according to Chainalysis
- North Korea remains the biggest crypto threat actor, accounting for 60% of the funds stolen from January to early December 2025
- Hackers from the country tend to focus on large services and aim for maximum impact, with a record 76% of all service compromises in the period
- The number of recorded thefts tripled from 2022 to reach 158,000 in 2025, with unique victims increasing from 40,000 to 80,000 in the period
Introduction to North Korea’s Crypto Threat
North Korea has now become a major player in the cryptocurrency industry, but not in a positive way. According to a report by Chainalysis, the country has amassed over $6.7bn in crypto after targeting the industry over the past decade. This is a staggering amount, and it’s even more alarming when we consider that the country has stolen a record $2bn+ in 2025 alone. This makes North Korea the biggest crypto threat actor, accounting for 60% of the funds stolen from January to early December 2025. The report also revealed that hackers from the country tend to focus on large services and aim for maximum impact, with a record 76% of all service compromises in the period.
North Korea’s Cyber-Attack Tactics
The report by Chainalysis provides valuable insights into the tactics used by North Korean hackers. According to the report, these hackers tend to embed IT workers inside crypto services to gain privileged access and enable high-impact compromises. This allows them to accelerate initial access and lateral movement ahead of large-scale theft. The report also notes that North Korean threat actors are increasingly achieving these outsized results by using this tactic. This is a worrying trend, as it suggests that North Korean hackers are becoming more sophisticated and effective in their attacks. The cyber-attack on Bybit, which led to the theft of $1.5bn, is a prime example of this tactic in action.
Laundering Stolen Funds
The report also highlights the differences in the preferences of North Korean hackers when it comes to laundering stolen funds. Unlike many other threat actors, North Korean hackers rely heavily on Chinese language services and networks. They also use cross-chain bridges, mixing services, and specialized services like Huione more than others. This suggests that North Korean hackers have a unique approach to laundering stolen funds, one that is tailored to their specific needs and goals. The report notes that the figures for North Korea’s crypto haul this year are consistent with market analysis from London-based Elliptic.
Growing Threat to Individuals
The report also reveals a growing threat to individuals in the cryptocurrency industry. As more people adopt cryptocurrency, the number of recorded thefts has tripled from 2022 to reach 158,000 in 2025. The number of unique victims has also increased from 40,000 to 80,000 in the period. However, the total value stolen from individual victims has actually declined from a peak of $1.5bn last year to $713m in 2025. This suggests that attackers are targeting more users, but stealing smaller amounts per victim. The report notes that personal wallet compromises now account for 20% of all value stolen in 2025, down from 44% in 2024.
Variation in Theft Rates Across Chains
The report also highlights the variation in theft rates across different cryptocurrency chains. Ethereum and Tron recorded the highest rates of theft, while Base and Solana had much lower rates, despite having large user numbers. This suggests that factors beyond technology, such as user demographics, popular applications, and criminal infrastructure, play important roles in determining theft rates. The report notes that this variation is an important area of study, as it can help us better understand the risks and challenges facing the cryptocurrency industry. By understanding these factors, we can develop more effective strategies for preventing and mitigating crypto theft.
Conclusion
In conclusion, the report by Chainalysis provides a disturbing insight into the growing threat posed by North Korean hackers in the cryptocurrency industry. The country’s ability to amass over $6.7bn in crypto and steal a record $2bn+ in 2025 is a worrying trend that highlights the need for increased vigilance and security measures in the industry. The report also highlights the growing threat to individuals, with the number of recorded thefts tripling from 2022 to reach 158,000 in 2025. As the cryptocurrency industry continues to evolve and grow, it’s essential that we prioritize security and develop effective strategies for preventing and mitigating crypto theft. By working together, we can help to create a safer and more secure cryptocurrency industry for everyone.