For the second consecutive year, North Korea has reportedly shattered its own record for cryptocurrency theft, amassing a staggering $2.02 billion in 2025, according to a recent report by blockchain analysis firm Chainalysis. This figure exceeds the previous record of $1.3 billion stolen in 2024, bringing the nation’s total crypto theft to approximately $6.75 billion. The report highlights a global increase in crypto theft, which now totals around $3.4 billion.
A significant portion of this year’s haul is attributed to a high-profile hack of the Dubai-based cryptocurrency exchange, Bybit. In February, hackers linked to North Korea’s elite cyber strike force reportedly stole around $1.5 billion, primarily in Ethereum, as confirmed by Bybit’s CEO. Chainalysis has emerged as a key player in tracking the convoluted web of cryptocurrency transactions, notably following the laundering of funds by cybercriminals.
The international community, including the United Nations, has long accused North Korea of exploiting its hackers to fund its controversial nuclear weapons and missile development programs. Matt Pearl, director of the Strategic Technologies Program at the Center for Strategic and International Studies, noted the challenges in countering North Korea’s operations, citing the country’s isolation and status as a rogue state.
The report indicates that one contributing factor to the increasing thefts is the growing trend of North Korean hackers fraudulently securing remote technical jobs with international companies. This access provides opportunities to steal sensitive information necessary for cryptocurrency theft, such as passkeys needed to access digital wallets.
While other countries have also seen significant cybercrime, including Chinese government hackers being linked to the theft of U.S. COVID relief funds, North Korea’s state-sponsored hacking operation stands out due to its scale and sophistication. Leaked documents have revealed that North Korea has orchestrated some of the most advanced money laundering operations globally.
Cryptocurrencies generally offer easier avenues for laundering compared to traditional currencies. The decentralized nature and large sums held by exchanges make them attractive targets. As cryptocurrencies are stored in digital wallets accessed through passkeys, hackers can quickly transfer stolen assets to their own accounts, largely escaping detection. The Chainalysis report underscores that, despite robust security measures in place, cryptocurrency platforms remain vulnerable due to inherent security challenges.
Given North Korea’s current situation under stringent international sanctions, there are dwindling options to deter its cyber operations. Pearl expressed concern that, without effective countermeasures, North Korea will continue to leverage digital asset theft to sustain its military ambitions. “Obviously, the traditional tools we have had have not worked,” he remarked, suggesting a grim outlook for the ongoing battle against North Korean cybercrime.
