North Korean Hackers Shift Focus from Infiltration to Launching Their Own Crypto Platforms in 2026
- How Are North Korean Hackers Evolving Their Crypto Heists?
- The Bybit Hack: A $1 Billion Wake-Up Call
- Why Are Fake DeFi Projects the New Weapon of Choice?
- Can the Crypto Industry Stop These Attacks?
- What Should Investors Watch For?
- FAQs: North Korea’s Crypto Crime Wave
North Korean hackers are no longer just breaking into crypto projects—they're building their own. In 2026, these threat actors have escalated their tactics, moving beyond social engineering to develop deceptive platforms like Tenexium, which stole $2.5 million from unsuspecting users. With $6 billion in estimated crypto thefts tied to Pyongyang’s nuclear ambitions, the stakes have never been higher. This article dives into their evolving strategies, the Bybit hack’s aftermath, and why even seasoned investors should double-check DeFi projects.
How Are North Korean Hackers Evolving Their Crypto Heists?
Gone are the days when North Korean hackers relied solely on phishing emails or malware. In 2026, they’ve leveled up, creating entire crypto platforms designed to scam users. Elliptic’s latest report reveals that groups like Lazarus have shifted from stealing funds to orchestrating exit scams via fake DeFi projects. Take Tenexium, a seemingly legit Bittensor-based protocol that vanished overnight—along with $2.5 million in user deposits. This isn’t just a hack; it’s a full-blown con job.
The Bybit Hack: A $1 Billion Wake-Up Call
Remember the 2025 Bybit breach? North Korea’s hackers didn’t just steal a record $1 billion—they laundered it in six months using tricks like "refund address poisoning" and worthless token minting. As one BTCC analyst put it, "They’re not just thieves; they’re money-laundering savants." Fast-forward to 2026, and their exploits have doubled, netting an estimated $2 billion this year alone. Where’s the cash going? Likely funding missile tests, according to UN sanctions monitors.
Why Are Fake DeFi Projects the New Weapon of Choice?
Tenexium wasn’t an anomaly. North Korean operatives are now posing as developers, launching "permissionless" projects to lure crypto natives. The playbook? Build trust, attract liquidity, then pull the rug. What’s chilling is how convincing these fronts appear—complete with whitepapers and fake team profiles. "I’ve seen projects with GitHub activity and AMAs," admits a CoinMarketCap data engineer. "By the time you spot red flags, your ETH is gone."
Can the Crypto Industry Stop These Attacks?
Despite Chainalysis’s blockchain tracking tools, North Korea’s hackers stay ahead by exploiting crypto’s decentralization. They’ve even weaponized meme coins—a tactic seen in the "KimJongMoon" token pump-and-dump. While exchanges like BTCC freeze suspicious deposits, decentralized platforms remain vulnerable. "It’s whack-a-mole," says a TradingView analyst. "You shut one mixer down, they spin up three more."
What Should Investors Watch For?
Three red flags: anonymous teams, unaudited code, and too-good-to-be-true yields. That "hot new DeFi vault" promising 500% APY? Probably a Lazarus Group honeypot. Stick to audited platforms like Uniswap or Aave, and always verify contract addresses. As for Tenexium’s "founder"? Rumor has it he’s a Pyongyang IT worker who moonlighted as a crypto dev. Talk about a career pivot.
FAQs: North Korea’s Crypto Crime Wave
How much has North Korea stolen through crypto hacks?
Elliptic estimates $6 billion since 2015, with $2 billion in 2026 alone.
What’s their favorite laundering method?
Mixing services, cross-chain swaps, and fake token sales—all tracked via CoinMarketCap liquidity charts.
Are exchanges like BTCC at risk?
Centralized exchanges have better safeguards, but DeFi protocols are prime targets.