North Korea’s Crypto Heists Hit Record Levels As Attacks Grow More Surgical

North Korea-linked cyber units extracted over $2 billion in cryptocurrency during 2025, setting a new annual record, according to Chainalysis.
The surge came despite fewer total attacks, signaling a strategic shift toward precision rather than volume. Cumulative theft attributed to the regime now stands near $6.75 billion.

Fewer Breaches, Outsized Damage
Instead of launching many small hacks, attackers focused on high-impact targets. A single incident illustrates the change. The Bybit exchange breach in February, which drained roughly $1.5 billion, accounted for most of the year’s losses. That concentration highlights a clear priority: fewer operations, maximum payoff.
This approach reduces exposure while delivering scale. It also strains defenses built around detecting frequent, lower-value attacks.

Human Access Becomes The Weak Link
Chainalysis notes a clear evolution in tactics. Technical exploits are no longer the primary entry point. North Korean groups increasingly rely on social engineering, including fake IT hires, executive impersonation, and insider-style access. The emphasis has shifted from breaking systems to manipulating people.
This trend changes the security equation. Even well-audited code offers limited protection when attackers gain legitimate credentials.

Laundering Grows More Fragmented
After theft, funds move through a familiar but increasingly complex pipeline. Cross-chain bridges, mixers, and Chinese-language laundering services remain common tools. Assets are split into smaller transactions and routed across multiple networks, slowing detection and recovery.
These methods don’t make tracking impossible. They make it slower, which often proves enough.

Individuals Become Preferred Targets
As large exchanges harden defenses, attackers are widening their focus. High-net-worth individual wallets are now targeted more frequently. These holders often lack institutional-grade monitoring, yet control significant balances.
Chainalysis concludes the pattern is clear. Crypto theft remains a key sanctions workaround for Pyongyang, and tactics continue to adapt as defenses improve. The threat is no longer just technical—it is organizational and human.









