North Korean Hackers Stole Record $2 Billion in Crypto During 2025

North Korean hackers have reached a staggering new milestone, stealing a record $2.02 billion in cryptocurrency throughout 2025. This figure represents nearly 60% of the $3.4 billion in total crypto thefts reported globally this year. According to data from Chainalysis, the rogue state has now stolen a total of $6.75 billion in known cryptocurrency value since records began.

The most significant loss of the year was the massive $1.5 billion heist targeting Bybit. The FBI has officially attributed this attack to actors from the Democratic People’s Republic of Korea (DPRK), noting that this single operation accounted for almost 75% of the total amount stolen by the country in 2025. These lucrative operations are reportedly used to fill the regime’s coffers as it continues to navigate the pressure of international sanctions.

The DPRK’s tactics have become increasingly sophisticated, often involving long-term infiltration. One common technique involves operatives posing as IT professionals to gain employment within target companies. Once embedded, these individuals seek out system vulnerabilities and gain privileged access to prepare for a future attack. In one instance, an infiltrator was caught by Amazon after security teams noticed unusual latency in the infiltrator’s keystrokes.

Another deceptive strategy involves posting fake crypto job listings. Unsuspecting applicants are required to install software that contains malware, which then exfiltrates sensitive data—including credentials, source code, and SSO access—from the applicant’s current employer. Additionally, hackers have targeted senior executives with fake buyout offers, using the “due diligence” phase to scan for security weaknesses and compromise digital wallets.

Despite the rise in North Korean activity, there is a silver lining in the broader market: decentralized finance (DeFi) protocol losses are falling relative to the total value stored on the blockchain. Chainalysis suggests this is due to improved security measures within DeFi platforms. However, this has caused attackers to pivot toward “softer” targets, such as centralized exchanges, custodians, and personal wallets.

The 2025 data highlights a shift in the DPRK’s strategy toward quality over quantity. While the number of known attacks from North Korea decreased by 74%, the total value stolen actually increased by 51%. This indicates that the regime is successfully pursuing larger, more high-profile targets with devastating precision. Financial institutions and crypto platforms are urged to remain highly vigilant as the DPRK continues to hunt for even bigger targets in the coming year.