The North Korean Crypto Threat Is Now a National Security Problem for Every Country With a Crypto Industry
-

CrowdStrike's designation of DPRK-nexus adversaries as the largest threat group targeting cryptocurrency users by dollar value stolen is a data point that reframes the conversation around crypto security in a way the industry has been slow to fully absorb. This is not primarily a cybersecurity problem with national security implications — it is a national security problem that manifests through cybersecurity. North Korea has allocated state resources at a level that no criminal organization could match, combined intelligence tradecraft with technical cyber expertise in ways that blur the line between espionage and theft, and demonstrated a capacity to operate across remote infiltration, physical presence through intermediaries, and long-duration relationship building simultaneously. The $2 billion in 2025 losses represents a 51% increase from 2024 despite fewer operations — a trend line that points toward further escalation as techniques mature and the operational model is refined based on what has worked.
The countries most targeted by DPRK hackers, according to CrowdStrike's report, reflect both the geographic concentration of crypto industry activity and the specific intelligence priorities of North Korean operations. For the industry, the practical implications extend beyond implementing better security controls — though those matter — to fundamentally rethinking how trust is established with new hires, conference contacts, and external collaborators. The Drift Protocol case established that six months of relationship building, face-to-face meetings, and demonstrated technical competence are insufficient signals of trustworthiness when the adversary has the resources and patience to maintain cover identities over that kind of timeline. Background verification processes, code review for unusual patterns, compartmentalization of developer access to sensitive systems, and awareness training that specifically addresses the DPRK social engineering playbook are all necessary components of a defensive posture — but none of them are sufficient on their own against a state-level adversary that has made stealing from the crypto industry a funded national priority.

- $2B stolen across fewer operations, confirming that refined techniques are systematically producing a higher yield per campaign
- Six months of relationship building, still compromised