In a staggering escalation of state-sponsored cybercrime, North Korean hackers stole a record $2.02 billion in cryptocurrency during 2025, according to Chainalysis’s preview of the 2026 Crypto Crime Report released on December 18, 2025. This marks a 51% increase from 2024 and pushes the DPRK’s cumulative theft since tracking began to approximately $6.75 billion. North Korea accounted for roughly 59-60% of the total $3.4 billion stolen globally in hacks that year, with DPRK-linked actors responsible for a record 76% of all service-level compromises by value. The report highlights a strategic shift: fewer attacks but higher impact, including the massive $1.5 billion Bybit breach in February – the largest single crypto heist ever.
North Korean groups like Lazarus have pivoted from DeFi vulnerabilities (suppressed by improved security) to centralized services and personal wallets. A major vector is “Wagemole” – embedding fake IT workers inside crypto firms for privileged access, accelerating breaches. Hackers pose as recruiters for Web3 jobs, conduct fake technical interviews, or impersonate investors executives to steal keys, code, or funds. The Bybit hack alone—$1.5 billion—exemplifies the damage from insider-like access.
The report warns that DPRK’s predictable laundering (45-day cycles via Chinese OTC brokers, mixers, and bridges) offers detection opportunities, but their efficiency – often using AI for fluidity – complicates interception. Personal wallet attacks rose sharply (from 7% of value in 2022 to peaks of 44% in 2024, settling at 20-37% in 2025 excluding outliers), driven by phishing and malware. For 2026, Chainalysis urges enhanced defenses against infiltration and better user education on wallet security. As volumes grow, such threats could undermine trust, especially with DPRK achieving outsized results from fewer strikes.
Leave a Reply