
North Korea remains the dominant threat to cryptocurrency security in 2025, even while confirmed incidents have decreased, according to a report by blockchain analytics company Chainalysis.
Hackers from the Democratic People’s Republic of Korea (DPRK) allegedly stole a record $2.02 billion of crypto this year, a 51% jump compared to 2024, taking their all-time total to $6.75 billion, it added.
The analysis further found that the DPRK is achieving larger thefts with fewer incidents, using unique methods to gain access and pull off its heists.
“Part of this record year likely reflects an expanded reliance on IT worker infiltration at exchanges, custodians, and web3 firms, which can accelerate initial access and lateral movement ahead of large‑scale theft,” it noted.
“At the executive level, a similar social‑engineering playbook appears in the form of bogus outreach from purported strategic investors or acquirers, who use pitch meetings and pseudo-due diligence to probe for sensitive systems information and potential access paths into high‑value infrastructure,” it added.
It noted that “this year’s record haul came from significantly fewer known incidents”, including the massive $1.5 billion Bybit hack in February 2025.
“Even while the DPRK consistently steals larger amounts than other stolen fund threat actors, they structure on-chain payments in smaller tranches, speaking to the sophistication of their laundering,” it added.

