Crypto analysts say North Korean-linked hackers stole more than $2 billion worth of cryptocurrency in 2025, marking a record annual haul and reinforcing the country’s prominence as a major cyber threat to the digital asset ecosystem, according to a report from blockchain analytics firm Chainalysis.

The 2025 total represents a significant 51% increase from 2024 and brings North Korea’s cumulative known crypto thefts to approximately $6.75 billion since tracking began, the report shows.

Record Haul Driven by Few Large Incidents

A large share of the losses this year stemmed from the February hack of Bybit, a major crypto exchange, in which attackers made off with roughly $1.5 billion in digital assets. That single breach accounted for nearly half of the total attributed to North Korean actors in 2025 and was one of the largest crypto heists ever recorded.

Chainalysis data indicates that although the number of attacks fell, the focus shifted toward fewer but far larger exploits targeting centralized services and high-value wallets. These incidents have made North Korea responsible for a disproportionate share of crypto thefts, with analysts estimating the regime’s operations accounted for roughly 76% of all service compromises in 2025.

You might also like: https://www.ycryptonews.com/upbit-cold-storage-after-54b-won-hack

Evolving Tactics and Threat Landscape

The report highlights a shift in tactics from earlier years. Rather than relying on frequent low-impact breaches, North Korean hackers increasingly target high-value centralized platforms and infrastructure. Private key compromises gaining control of wallets or internal systems remain a leading method of attack.

Chainalysis and other security researchers also warn that attackers are using advanced social engineering and infiltration techniques, such as posing as IT workers or recruiters to gain access to sensitive systems and credentials.

Industry and Security Implications

The sharp rise in high-value thefts underscores persistent vulnerabilities in crypto market infrastructure, particularly around centralized exchanges and custodial services. Even as decentralized finance (DeFi) protocols and bridges improve security practices, the ongoing success of nation-state-linked actors like those attributed to North Korea highlights the need for robust threat detection and risk management.

Security specialists say organizations must strengthen both technical defenses and human factors protections, as attackers increasingly exploit social engineering and insider-style tactics to bypass conventional safeguards.

Conclusion

The Chainalysis findings paint a sobering picture of how cryptocurrency theft continues to evolve. With North Korea’s 2025 crypto thefts surpassing $2 billion, the scale and sophistication of nation-state linked attacks pose ongoing threats to market integrity and investor confidence.