Bigger attacks, fewer targets: North Korea steals 51% more crypto in 2025
A Shocking Rise in North Korean Crypto Heists
In 2025, the crypto world faced an unprecedented threat from an old adversary. North Korean hackers, known for their sophisticated cyber operations, stole over $2 billion in cryptocurrencies. This marks a massive 51% year-over-year increase, according to blockchain analytics leaders. It’s a clear sign of evolving tactics:
Since 2016, these state-sponsored groups have amassed a staggering $6.7 billion from crypto thefts. But this year stood out. Attacks dropped by 74%, yet the hauls grew exponentially larger. Instead of spraying small-scale exploits across the ecosystem, North Korea’s operatives now focus on high-value targets like major exchanges and custodial platforms.
The New Strategy: Go Big or Go Home
Traditional cybercriminals might nick funds from DeFi protocols or individual wallets in dozens of small hits. North Korean hackers? They’re playing a different game. Their average theft dwarfs typical hacks by orders of magnitude. Chainalysis data reveals the largest 2025 North Korean attack was 1,000 times bigger than a standard crypto breach—think $1,000 pocket change versus a $1 million jackpot.
Prime example: the February Bybit hack. Operatives linked to the Democratic People’s Republic of Korea (DPRK) siphoned $1.5 billion in one swoop. That single event accounted for 75% of their annual total. No wonder they dominated 76% of all major exchange and platform hacks this year—the highest share on record.
- Fewer but deadlier strikes: 74% drop in attack volume.
- Enormous payouts: Average hack size skyrockets.
- Prime targets: Centralized exchanges over DeFi wild west.
From External Hacks to Insider Threats
North Korea’s playbook has shifted dramatically. Gone are the days of brute-force external attacks. Now, it’s all about infiltration. DPRK hackers embed IT workers directly into crypto firms, securing privileged access for massive internal heists.
But they’ve innovated further. Reports highlight a clever inversion: fake recruiters posing as reps from top crypto and AI companies. Using platforms like Upwork and Freelancer, they target global talent. The scam is simple—victims hand over verified credentials, source code, or VPN access. In return? A 20% cut of the spoils, with hackers keeping 80%.
At higher levels, social engineering ramps up. Bogus emails from “strategic investors” or “acquirers” trick executives into spilling secrets. Industry insiders estimate 30-40% of job applications at crypto companies come from DPRK operatives. It’s an infiltration epidemic.
“When North Korean hackers strike, they target large services and aim for maximum impact.”
This insider approach explains the scale. Why crack a vault from outside when you can walk in with the keys?
The Broader Impact on Crypto Security
These aren’t just thefts—they’re a national security crisis. North Korea funds its regime through crypto, evading sanctions and fueling illicit activities. Experts call it a multi-layered threat: sanctions evasion, financial crime, and geopolitical warfare.
Crypto exchanges and platforms bear the brunt. In 2025, DPRK actors claimed the lion’s share of big breaches. This dominance raises alarms for the entire industry. Smaller players might dodge bullets, but giants like Bybit show no one’s safe.
Countering this demands more than firewalls. Real-time intelligence, operational takedowns, and global cooperation are essential. Firms must vet hires rigorously, train staff on social engineering, and deploy advanced blockchain forensics.
Key Lessons for Crypto Companies in 2026
As we head into the new year, here’s how to fortify defenses against
- Screen Job Applicants Thoroughly: Use background checks, video interviews, and IP tracing. That 30-40% infiltration rate? It’s real.
- Lock Down Freelance Platforms: Verify recruiters and limit credential sharing.
- Enhance Executive Protections: Train C-suite on investor scams.
- Leverage Analytics Tools: Platforms like Chainalysis can flag suspicious flows early.
- Adopt Multi-Sig and Timelocks: Even insiders can’t drain funds instantly.
Proactive measures could slash risks. The crypto space has grown resilient—on-chain transparency helps track stolen funds—but state actors like North Korea exploit human weaknesses.
Looking Ahead: Will 2026 See Even Bigger Heists?
With $2 billion already in 2025 pockets, expect escalation. DPRK hackers are adapting faster than defenses. As AI integrates deeper into crypto ops, their fake recruiter schemes could evolve, blending deepfakes with phishing.
Yet, hope lies in unity. Governments, exchanges, and analytics firms are ramping up. Recent disruptions have clawed back millions. The key? Stay vigilant against
The 51% surge isn’t just a stat—it’s a wake-up call. In a borderless blockchain world,