Catenaa, Thursday, January 01, 2026-North Korean state-linked hackers have stolen more than $2.1 billion in cryptocurrency so far in 2025, marking the largest year on record for crypto theft tied to the regime, according to blockchain analytics firm Chainalysis.
The attacks, attributed to groups operating on behalf of Pyongyang, surpassed the total stolen during all of 2024 and reflect an escalating campaign to generate revenue amid tightening international sanctions. Analysts say proceeds are used to support the country’s weapons programs and evade financial restrictions.
The largest incident occurred on Feb. 21, when hackers breached crypto exchange Bybit and siphoned nearly $1.5 billion worth of Ethereum, the biggest single theft in the industry’s history. That attack was followed by additional breaches, including a recent $37 million theft from South Korean exchange Upbit.
Chainalysis reports that North Korean hackers refined their methods throughout the year, expanding beyond direct exchange exploits. Operations increasingly included supply-chain attacks against third-party service providers and custodians, as well as infiltration of technology firms using false identities to gain internal access.
Stolen funds were laundered through multiple channels, including mixing services, over-the-counter brokers, decentralized exchanges, token swaps, and cross-chain bridge protocols. Analysts noted that laundering now occurs across several platforms at once, often executed rapidly to obscure transaction trails.
Despite growing sanctions, authorities say the activity shows little sign of slowing. Security experts warn that advances in artificial intelligence could further enhance identity fraud and automated laundering schemes.
Industry specialists say stronger identity checks, enhanced monitoring, and closer coordination between exchanges, analytics firms, and law enforcement are necessary to disrupt future attacks and limit losses.
