Earn up to 50% APR
Boost earnings with NFTs
Play, HODL & earn more
North Korea Stole Over $2 Billion in Crypto in 2025 With Fewer Attacks Than the Year Before
-
North Korea-affiliated hackers stole more than $2 billion in cryptocurrency in 2025, a 51% year-over-year increase despite conducting fewer individual campaigns than in 2024, according to CrowdStrike's 2026 Financial Services Threat Landscape report. The increase in yield with fewer operations reflects a deliberate strategic shift toward higher-value targets rather than volume — the same precision-over-quantity dynamic that CertiK's separate analysis documented, showing DPRK-linked groups were responsible for 60% of total crypto hack value in 2025 while accounting for only 12% of incidents. CrowdStrike identified DPRK hackers as the largest threat group targeting cryptocurrency users by dollar value stolen and was explicit about where the money goes: "Stolen proceeds are almost certainly laundered to fund the regime's military programs." The focus on Web3 projects and cryptocurrency exchanges is deliberate — digital assets can be cashed out and transferred with a greater degree of anonymity than traditional financial system funds, making crypto the most viable hard currency generation mechanism available to a heavily sanctioned state.
The report frames this as a structural feature of how North Korea has organized its state revenue apparatus rather than an opportunistic criminal activity. When a government systematically trains operatives, allocates intelligence resources, and develops sophisticated technical capabilities specifically for cryptocurrency theft — accepting the operational overhead of elaborate social engineering campaigns, physical infiltration, and months-long relationship building — it is making a calculated national security investment. The $2 billion annual return on that investment dwarfs what North Korea could generate through any other sanctions-evasion mechanism currently available to it, which is precisely why the pace of these operations has accelerated rather than responding to increased global enforcement pressure.
