North Korean Hackers Steal Over $2 Billion in Crypto in 2025: A 51% Surge in Cybercrime Tactics

North Korean Hackers Steal Over $2 Billion in Crypto in 2025: A New Era of Cybercrime

In a startling revelation, blockchain surveillance firm Chainalysis has reported that North Korean hackers have stolen more than $2 billion in cryptocurrency in 2025, marking a staggering 51% increase from the previous year. This surge in cybercrime has shifted the landscape of digital theft, with a notable focus on targeting crypto companies rather than individual users.

Since 2016, North Korea has amassed a jaw-dropping total of $6.7 billion from crypto thefts, but this year’s strategy has taken a dramatic turn. While the number of attacks has decreased by 74%, the scale of each theft has ballooned, indicating a calculated shift towards larger, more impactful heists.

“When North Korean hackers strike, they target large services and aim for maximum impact,” Chainalysis noted in its year-end report. This year, the average hack executed by North Korean operatives has been reported to be 1,000 times larger than typical crypto thefts, akin to a bank heist that nets $1 million instead of a mere $1,000.

A New Tactic: Embedding Operatives

One of the most alarming trends highlighted by security researcher Pablo Sabbatella is the infiltration of North Korean operatives into the very fabric of the crypto industry. It is estimated that one in every five companies in the crypto sector has been compromised by these operatives, who are embedding themselves as IT workers to gain privileged access.

This year, North Korean hackers were responsible for a staggering 76% of all major exchange and platform hacks, the highest percentage ever recorded. The infamous Bybit hack in February alone accounted for $1.5 billion, representing three-quarters of North Korea’s total crypto theft for the year.

Flipping the Playbook

In a sophisticated twist, North Korean operatives are now impersonating recruiters for prominent crypto and AI firms. They orchestrate fake hiring processes designed to extract sensitive information, including credentials and source code, from unsuspecting victims. This tactic allows them to harvest valuable data while maintaining a façade of legitimacy.

Freelance platforms like Upwork and Freelancer have become breeding grounds for these operatives, who lure individuals into loaning their verified account credentials in exchange for a share of the profits. This method not only enhances their access to sensitive information but also complicates the detection of their activities.

A Growing Threat

Chris Wong, a former FBI agent and North Korea expert at crypto intelligence firm TRM Labs, emphasizes that the implications of North Korea’s cyber activities extend beyond cybersecurity. “It’s a sanctions, national security, and financial crime issue,” he stated, underscoring the need for real-time intelligence and cross-border coordination to combat this growing threat.

As the crypto industry grapples with these alarming developments, the need for robust security measures and international cooperation has never been more critical. With North Korean hackers evolving their tactics and strategies, the battle against cybercrime in the digital currency space is far from over.

For those in the crypto sector, vigilance is paramount. The stakes have never been higher, and the consequences of complacency could be devastating.