North Korean Hackers Steal Over $2 Billion in Crypto This Year, Pushing Total Thefts Beyond $6 Billion
- How Much Have North Korean Hackers Stolen in 2025?
- What’s New in Their Attack Strategy?
- Why Are Personal Wallets Suddenly Vulnerable?
- How Does This Compare to Previous Years?
- What Can Users Do to Protect Themselves?
- FAQs
North Korean state-sponsored hackers have siphoned off more than $2 billion in cryptocurrency in 2025 alone, escalating their cumulative thefts to a staggering $6+ billion since 2016. These cybercriminals have shifted tactics toward fewer but far more devastating attacks, leveraging AI tools and insider infiltration. Meanwhile, personal wallet breaches now account for 20% of total losses, with Ethereum and Tron users facing the highest risk. Here’s a deep dive into the data, trends, and what it means for crypto security.
How Much Have North Korean Hackers Stolen in 2025?
According to Chainalysis, North Korean-linked hackers pilfered $2.02 billion in crypto assets this year—a 51% surge compared to 2024. This brings their total haul since 2016 to $6.75 billion, with the infamous $1.4 billion Bybit heist in March accounting for nearly a quarter of 2025’s losses. For context, that’s enough to fund North Korea’s missile program for. The hackers’ focus has pivoted from quantity to quality: fewer attacks, but each with crippling impact.
What’s New in Their Attack Strategy?
Gone are the days of spray-and-pray phishing. North Korean operatives now:
- Infiltrate crypto firms by placing IT staff as "sleepers" to gain privileged access.
- Leverage AI for reconnaissance, code analysis, and even laundering stolen funds (yes, LLMs are now crime tools).
- Target centralized services like exchanges, responsible for 88% of Q1 2025’s losses.
Their post-theft laundering follows a 45-day playbook: funds MOVE through Chinese OTC desks, mixing services, and bridges—avoiding DeFi platforms favored by other criminals.
Why Are Personal Wallets Suddenly Vulnerable?
Individual investors lost $713 million in 2025, with Solana, Ethereum, and tron wallets hit hardest. While centralized service breaches dominate headlines, personal wallet attacks now represent 20% of total thefts—up from just 7.3% in 2022. Ethereum’s high theft rate reflects its large user base, but Tron’s disproportionate risk (despite fewer active wallets) suggests systemic vulnerabilities.
How Does This Compare to Previous Years?
The scale disparity is jaw-dropping: the top three 2025 attacks werethan the average case—worse than 2021’s bull market peak. Victims surged from 40,000 in 2022 to 80,000 this year, partly due to broader crypto adoption. Ironically, as security improves for institutions, individuals become low-hanging fruit.
What Can Users Do to Protect Themselves?
While no system is foolproof, these steps reduce risk:
- Use hardware wallets for large holdings (cold storage beats hot wallets).
- Diversify exchanges—don’t keep all funds on platforms like BTCC or Bybit.
- Monitor transaction patterns; North Korean launderers often split sums below $500K.
FAQs
How much crypto has North Korea stolen in total?
Over $6.75 billion since 2016, with $2.02 billion stolen in 2025 alone.
Which blockchain is most targeted for personal wallet thefts?
Ethereum and Tron have the highest theft rates per 100,000 wallets, though solana leads in absolute victim numbers.
Are exchanges still the primary target?
Yes—centralized service breaches caused 88% of Q1 2025’s losses, often via private key compromises.
