An analysis showed that the amount of virtual assets seized by North Korea this year amounted to about 3 trillion won, the largest on record. Chanelysis reported that North Korea-linked hacking groups stole about $2.02 billion in virtual assets in 2025, about 3 trillion won, marking a 51% increase from 2024. The year was defined by the “elite of attacks,” with the total number of attacks down by about 74% year-on-year, while damage per incident rose sharply, and North Korea shifted focus to centralized exchanges such as Upbit and Bybit and to core infrastructure.
North Korean hackers reportedly invest all their resources in “big fish” capable of extracting hundreds of millions from a single operation after months of targeted analysis, with the February Bybit hack cited as an example at about $1.5 billion. During laundering, the hackers leave a distinctive fingerprint: unlike ordinary hackers who move 1 to 10 million dollars, NK actors split funds into amounts under $500,000 and dispersed them across thousands of addresses. These steps form the “Peel Chain” technique, blurring the source of funds by repeatedly moving funds in small amounts to evade AI monitoring systems at exchanges and authorities. The first laundering cycle is typically completed within about 45 days through split remittance and currency exchange.
Huione, a Cambodia-based payment group, was identified as a key node linking Southeast Asian payment networks with Chinese OTC brokers, aiding the conversion of North Korea’s “black money” into legal currency. FinCEN designated the Huwon Group as a major money laundering concern this year. Chainalysis said North Korea now possesses the ability to carry out sophisticated state-level financial operations with higher profits and fewer attacks, and urged the industry to strengthen real-time, pattern-based detection to capture small remittance patterns and geographic preferences.
Leave a Reply