<\/p>\n
CertiK, Chainalysis and Elliptic all say DPRK\u2011linked hackers stole about 60% of 2025\u2019s $3.4B crypto theft, including an estimated $2.02B taken by North Korean groups.<\/p>\n
<\/p>\n
Blockchain security firm CertiK says North Korean state-linked hacking groups were responsible for roughly 60% of all crypto stolen in 2025, cementing the DPRK as the single most dangerous actor in the space. That share lines up with independent estimates from Chainalysis and others, which found that North Korea stole about $2.02 billion in digital assets last year out of roughly $3.4 billion in total global crypto thefts.<\/p>\n
<\/p>\n
Chainalysis\u2019 2026 Crypto Crime Report, cited by outlets such as Fortune and the Korea Herald, puts global 2025 crypto theft at around $3.4 billion, with North Korean operations accounting for \u201cnearly 60%\u201d of that figure. The firm estimates that DPRK-linked hackers stole at least $2.02 billion worth of crypto last year \u2014 a 51% increase from 2024 \u2014 pushing the regime\u2019s all\u2011time haul to about $6.75 billion, even as the number of confirmed incidents fell. Elliptic\u2019s separate analysis is broadly consistent, concluding that North Korea\u2013linked groups had already stolen \u201cover $2 billion\u201d in 2025 by early October, before the final wave of attacks.<\/p>\n
The scale is being driven by fewer but much larger heists. Elliptic and Chainalysis both highlight February\u2019s Bybit hack \u2014 variously estimated at around $1.46 billion to $1.5 billion \u2014 as the single biggest crypto theft in history, and one that U.S. authorities quickly attributed to North Korean actors. Other 2025 attacks linked to DPRK groups include the compromises of LND.fi, WOO X and Seedify, along with dozens of smaller service breaches and wallet\u2011draining campaigns. In aggregate, researchers say North Korean hackers were responsible for somewhere between 60% and \u201cmore than half\u201d of all crypto stolen from centralized services and DeFi protocols last year, depending on how the sample of tracked incidents is defined.<\/p>\n
The operational pattern has shifted as well. Instead of relying primarily on \u201cspray and pray\u201d phishing or brute\u2011force smart\u2011contract exploits, DPRK actors increasingly embed IT workers inside exchanges, custodians and Web3 companies to gain privileged access from the inside, according to Chainalysis and Elliptic. Chainalysis notes that North Korea is \u201cachieving larger thefts with fewer incidents,\u201d and that more than 60% of funds stolen in 2025 were laundered in tranches below $500,000 per transaction \u2014 a shift away from the million\u2011dollar\u2011plus lumps that used to define nation\u2011state laundering.<\/p>\n
Those stolen assets have geopolitical consequences. The United Nations and multiple government agencies believe the proceeds are used to finance North Korea\u2019s nuclear weapons and ballistic missile programs, with some estimates suggesting the 2025 take alone could amount to roughly 13% of the country\u2019s GDP. That reality is why CertiK and other security firms frame the threat as systemic and \u201cnation-state level,\u201d not just another wave of opportunistic DeFi hacks \u2014 and why they argue that more sophisticated on\u2011chain compliance tooling, address screening and behavioral analytics are becoming non\u2011negotiable for exchanges, protocols and even wallets.<\/p>\n
As one summary from Tom\u2019s Hardware put it, the \u201cinfernal milestone\u201d of $2.02 billion stolen \u2014 nearly 60% of all crypto theft in 2025 \u2014 is both a security and a policy problem, and it is pushing regulators to look harder at where hacks are happening, how quickly stolen assets are being frozen, and whether existing KYC\/AML frameworks are anywhere near fit for purpose in a world where a single hostile state can drain billions from poorly defended platforms.<\/p>\n
<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"
CertiK, Chainalysis and Elliptic all say DPRK\u2011linked hackers stole about 60% of 2025\u2019s $3.4B crypto theft, including an estimated $2.02B taken by North Korean groups. Summary A handful of mega\u2011hacks…<\/p>\n","protected":false},"author":1,"featured_media":11075,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-28348","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/28348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=28348"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/28348\/revisions"}],"predecessor-version":[{"id":28349,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/28348\/revisions\/28349"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/11075"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=28348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=28348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=28348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}