Cryptocurrency hacking incidents rose sharply in 2025, with cybercriminals linked to the North Korean government stealing more than USD 2 billion in digital assets, primarily targeting Ethereum and Solana, according to U.S. investigators.

According to #Chainalysis, North Korean hackers stole approximately $2.02 billion in cryptocurrency in 2025, highlighting the increasing complexity of on-chain security threats.

Crypto theft can occur through multiple vectors. At #CipherBC, we work closely with leading security… pic.twitter.com/1xjE0yB37C

— CipherBC (@CipherBC) December 18, 2025

While the number of North Korea–attributed attacks fell by 74% year over year, the financial impact increased dramatically, underscoring a shift toward fewer but far more devastating breaches. As a result, total stolen funds continued to climb despite noticeable improvements in security measures across the crypto industry.

Why Are North Korean Crypto Attacks Becoming More Severe?

This dramatic shift highlights how the isolated state has refined its crypto theft strategy in 2025. Instead of launching numerous small-scale hacks, attackers are now focusing on large, high-impact operations capable of netting billions of dollars in a single incident.

The most notable example occurred in February, when hackers stole USD 1.5 billion from Bybit, an attack that alone accounted for the majority of crypto losses in 2025. The incident has been described as the largest cryptocurrency theft in history.

Additional breaches, including attacks linked to platforms such as Upbit, further illustrate the growing risks faced by centralized crypto exchanges.

According to blockchain analytics firm Chainalysis, North Korea has stolen approximately USD 6.75 billion in cryptocurrency since 2016. However, its methods have evolved significantly. Investigators report that operatives have posed as IT employees within crypto companies, gaining insider access to security systems and private keys.

In more advanced schemes, hackers have impersonated recruiters from major crypto firms, conducting fake job interviews to trick victims into downloading malware. These so-called technical interviews are designed to steal login credentials and gain access to corporate networks.

Why North Korea Dominates Global Crypto Hacking

This strategy has proven effective because crypto exchanges process billions of dollars in assets daily. Chainalysis notes that a single successful breach can finance state operations for months or even years.

By early December 2025, total stolen cryptocurrency had surged to an estimated USD 3.4 billion, with North Korea–linked attacks accounting for 59% of the total, highlighting the country’s dominance in the crypto hacking landscape.

At the same time, attacks on individual wallets also increased significantly. Roughly 158,000 hacking incidents targeted around 80,000 victims, though total losses from personal wallet hacks declined from USD 1.5 billion in 2024 to USD 713 million in 2025.

This trend suggests hackers are targeting more individuals but stealing smaller amounts per victim, possibly reflecting stronger security at major exchanges and a shift toward easier targets.

North Korean hackers are also known for distinct laundering techniques, which have helped investigators trace stolen funds. These methods include using money-laundering services linked to Chinese entities and exploiting cross-chain bridges. Analysts have also identified a characteristic pattern in which most stolen funds are moved within 45 days following major breaches.