North Korea–linked hackers stole more cryptocurrency in 2025 than in any previous year, underscoring how digital assets have become a central funding mechanism for the heavily sanctioned regime.
Cyber actors affiliated with Pyongyang have stolen more than $2.02 billion in cryptocurrency since January, according to new findings from blockchain analytics firm Chainalysis. The total marks an increase of more than 50% compared with 2024 and brings the country’s cumulative crypto theft since 2016 to approximately $6.75 billion.
The figures highlight the growing sophistication and scale of North Korea’s cyber operations, which U.S. and United Nations officials have long said help finance the regime’s nuclear weapons and ballistic missile programs.
“The reality is that cryptocurrency, because of its global, 24/7 accessibility, offers a uniquely attractive target for the regime,” said Andrew Fierman, head of national security intelligence at Chainalysis.
Record-breaking heists
Crypto theft across the industry totaled roughly $3.4 billion in 2025 through early December, according to Chainalysis. A single incident accounted for nearly half of that amount.
In February, Dubai-based exchange Bybit suffered a $1.5 billion breach, the largest crypto theft ever recorded. Investigators attributed the attack to hackers linked to North Korea, further cementing the country’s reputation as the most prolific state-sponsored crypto thief.
Legal and cybersecurity experts say crypto crime has become one of the most efficient revenue streams available to Pyongyang under international sanctions.
“Crypto heists are now the easiest way for DPRK cyber actors to fund the regime,” said Eun Young Choi, an attorney at Arnold & Porter and a former federal prosecutor who has investigated major cyberattacks.
Increasing sophistication in laundering
Investigators note that North Korean hackers have significantly improved not only their ability to breach platforms, but also their methods for laundering stolen funds.
Following the Bybit attack, the stolen assets were moved through dozens of wallets and multiple blockchains, with portions routed through decentralized finance (DeFi) protocols to obscure their origin. These techniques complicate recovery efforts and slow enforcement actions by authorities.
The growth of the crypto market itself has also played a role, analysts say. Rising asset values and wider adoption have increased both the potential payoff and the attack surface for state-backed hackers.
Political and regulatory pressure mounts
The surge in theft has intensified scrutiny of the crypto sector, particularly decentralized platforms. This week, Senator Elizabeth Warren, the ranking Democrat on the Senate Banking Committee, urged the U.S. Treasury and Justice Department to investigate how DeFi protocols may be facilitating illicit finance by North Korea and other sanctioned actors.
The call comes amid a complex policy environment. While cybercrime risks have escalated, the Trump administration has pursued a more crypto-friendly regulatory posture, aiming to position the United States as the global center of digital asset innovation.
That tension—between promoting innovation and containing national security threats—is likely to shape regulatory debates in 2026 and beyond.
A growing strategic threat
Chainalysis analysts warn that North Korea’s cyber strategy is becoming more deliberate and targeted. Rather than relying on frequent, smaller attacks, hackers are increasingly focused on high-value exchanges and infrastructure providers, waiting for the right vulnerabilities to emerge.
As global crypto adoption continues, experts caution that the incentive structure for state-sponsored theft remains firmly in place.
“Adoption only creates more opportunity,” Fierman said. “North Korea has become more patient, more precise, and more effective in exploiting it.”
About The Author
