North Korean Crypto Hacks Hit $2 Billion in 2025, Up 51% From 2024

North Korean hackers stole a record $2.02 billion in cryptocurrency in 2025, a 51% increase from 2024.

North Korean cybercriminals have stolen $2.02 billion in cryptocurrency throughout 2025, setting a new record for state-sponsored digital theft. Blockchain analytics firm Chainalysis published these findings, revealing a 51% increase from the previous year's totals.

The regime's cumulative theft since tracking began now stands at $6.75 billion. This financial windfall helps Pyongyang circumvent international sanctions while funding weapons programs and military operations.

The scale of these attacks highlights the vulnerability of cryptocurrency to organized, state-sponsored hacking operations. Security experts warn that both exchanges and individual investors face mounting risks from increasingly sophisticated threat actors.

Source: Chainalysis

Fewer Attacks Generate Bigger Returns

The number of successful attacks actually decreased in 2025 compared to previous years. However, the value extracted from each breach increased dramatically.

This strategic shift became evident in February 2025 when hackers compromised the Bybit exchange. That single operation netted approximately $1.5 billion, representing nearly three-quarters of the year's total stolen funds.

North Korean cyber units now concentrate resources on penetrating high-value targets rather than executing numerous small-scale thefts. This approach maximizes returns while reducing operational exposure.

The targeted methodology suggests improved intelligence gathering and patient reconnaissance before launching attacks. Hackers spend more time identifying vulnerable high-value systems worth the investment of resources.

Social Engineering Becomes Primary Attack Vector

Technical exploits have taken a back seat to human-focused manipulation tactics. North Korean operatives increasingly rely on social engineering to breach security systems.

Common schemes include planting operatives as IT workers within target organizations. These insiders gain trusted access over time before executing thefts. Other tactics involve impersonating company executives through sophisticated phishing campaigns.

The shift reflects a fundamental change in how state actors approach cryptocurrency theft. Modern security protocols have made purely technical attacks more difficult to execute successfully.

Human psychology now represents the weakest link in most security chains. Even organizations with robust technical defenses remain vulnerable when employees fall victim to manipulation.

Training staff to recognize social engineering attempts has become critical for cryptocurrency businesses. However, North Korean operatives continue refining their techniques to exploit trust and authority within organizations.