Bigger attacks, fewer targets: North Korea steals 51% more crypto in 2025
A Shocking Rise in
In 2025, the crypto world faced an unprecedented threat from state-sponsored hackers. Operatives linked to North Korea didn’t just dip their toes into digital wallets—they drained over $2 billion in cryptocurrency. This marks a massive 51% increase from the previous year, according to blockchain analytics powerhouse Chainalysis.
This single year’s haul has ballooned North Korea’s total crypto theft to a jaw-dropping $6.7 billion since they first set their sights on the industry back in 2016. But here’s the twist: they achieved this with 74% fewer attacks. It’s a classic case of bigger attacks, fewer targets, where precision strikes on high-value platforms yield enormous payouts.
The Evolution of North Korea’s Crypto Theft Strategy
North Korean hackers, often operating under groups like Lazarus, have refined their approach dramatically. No longer relying on spray-and-pray external hacks, they’re playing the long game. “When North Korean hackers strike, they target large services and aim for maximum impact,” Chainalysis noted in its comprehensive year-end report.
The new playbook? Infiltration. DPRK operatives are embedding IT workers directly into crypto firms. These insiders gain privileged access, allowing them to orchestrate massive heists from within. It’s a shift from opportunistic grabs to surgical, high-stakes operations.
- Go big or go home: The average North Korean hack now dwarfs typical cybercriminal thefts.
- Scale of devastation: Their largest 2025 breach was 1,000 times bigger than a standard crypto hack—think $1,000 pocket change versus a $1 million jackpot.
The Bybit Hack: A $1.5 Billion Wake-Up Call
Nothing exemplifies this strategy like the Bybit hack in February 2025. North Korean operatives pulled off a daring $1.5 billion theft from the major exchange. This one event accounted for three-quarters of their entire year’s crypto plunder.
While run-of-the-mill hackers chip away at DeFi protocols and personal wallets with dozens of small hits, North Korea zeros in on the motherlodes: centralized exchanges and custodial platforms. In 2025, they claimed responsibility for 76% of all major exchange and platform hacks—the highest share on record.

(Image: Visualizing the explosive growth in North Korean crypto thefts.)
Infiltration Tactics: From Job Apps to Fake Recruiters
The infiltration game has gotten sneakier. Experts warn that 30% to 40% of job applications at crypto companies come from North Korean operatives. But they’re flipping the script entirely.
Instead of applying as workers, they’re posing as recruiters for top crypto and AI firms. Using platforms like Upwork and Freelancer, they lure global talent into fake hiring processes. The goal? Harvest credentials, source code, and VPN access from victims’ real employers.
The deal is simple and sinister:
- A collaborator loans their verified account or lets hackers use their identity remotely.
- They pocket 20% of the earnings; North Korea takes the lion’s share at 80%.
“At the executive level, a similar social-engineering playbook appears in the form of bogus outreach from purported strategic investors or acquirers.”
This isn’t just cybercrime; it’s a sophisticated espionage operation funding a rogue regime.
Expert Warnings: A National Security Crisis
Cyber investigators are sounding the alarm. “North Korea is much worse than everybody thinks,” says Pablo Sabbatella of the SEAL cyber investigation organization. The scale of infiltration poses existential risks to the crypto ecosystem.
Chris Wong, a former FBI agent and North Korea specialist at TRM Labs, frames it more broadly: “North Korea’s crypto theft activity is a sanctions, national security, and financial crime issue. Countering it requires real-time intelligence, operational disruption, and sustained cross-border coordination.”
These thefts aren’t just draining liquidity—they’re evading international sanctions, bolstering North Korea’s nuclear ambitions, and undermining global trust in crypto infrastructure.
Why 2025’s Hacks Matter for Crypto’s Future
The
Key implications:
- Industry-wide vetting overhaul: Crypto firms must scrutinize hires, freelancers, and partnerships rigorously.
- Tech defenses: Multi-factor authentication, zero-trust architectures, and AI-driven anomaly detection are non-negotiable.
- Regulatory push: Governments may demand stricter KYC for job platforms and exchanges.
- Blockchain forensics rise: Firms like Chainalysis will play a pivotal role in tracking and freezing stolen funds.
Looking ahead to 2026, expect North Korea to double down. With AI tools enhancing their social engineering, the crypto community must unite—or risk more billion-dollar black swan events.
How to Protect Your Crypto Assets in 2025 and Beyond
Individuals and businesses aren’t powerless. Here’s an actionable checklist:
| Threat | Defense |
|---|---|
| Insider access | Background checks + behavioral monitoring |
| Fake recruiters | Verify domains and use official channels |
| Large exchange hacks | Self-custody + hardware wallets |
| Social engineering | Training + phishing simulations |
The
Stay informed, stay secure, and let’s build a more resilient crypto future.