North Korea Stole 60% of All Crypto Hack Value in 2025. The Numbers Are Staggering

CertiK's new Skynet report attributes roughly $2.06 billion of an estimated $3.4 billion in 2025 crypto security losses to DPRK-linked groups — approximately 60% of total stolen value across only 12% of documented incidents. That ratio is the most important statistic in the report: North Korean hackers are not running volume operations targeting many small victims but precision operations targeting the largest available pools of capital. The single largest incident, the Bybit exploit in February 2025, resulted in approximately $1.5 billion in losses alone, attributed to the TraderTraitor cluster through a supply chain compromise of a third-party signing provider. CertiK's on-chain analysis found that about 86% of the stolen Ether was converted into Bitcoin within one month using mixing services, cross-chain bridges, decentralized exchanges, and OTC brokers — a laundering pipeline that moves at industrial scale. Between 2016 and early 2026, DPRK-linked actors have stolen an estimated $6.75 billion across 263 documented incidents, and the report concludes that North Korea has effectively industrialized crypto theft into a core state revenue mechanism, with proceeds confirmed by UN monitors and US intelligence assessments to fund the regime's nuclear and ballistic missile programs.
The shift in operational focus from opportunistic hot wallet compromises to fewer, higher-value targets reflects a maturation of North Korea's crypto theft apparatus that has direct implications for how the industry thinks about security. When the primary threat actor is targeting the largest pools of capital with months of preparation, the relevant defense is not faster patch management or better phishing training — it is the integrity of the entire supply chain around custody, signing infrastructure, and governance systems. The Bybit attack succeeded not by breaking cryptography but by compromising a third-party UI provider and routing funds to a malicious address without changing the apparent content of transactions, meaning the attack was invisible to standard review processes until it was too late.
- 86% of stolen ETH converted to BTC within one month through industrial laundering pipeline showing operational sophistication beyond typical criminal groups
- $1.5B Bybit exploit through a UI provider nobody was watching, supply chain attack found its biggest crypto payday