Global security firms are building consensus that North Korean threat actors remain the biggest threat to the crypto industry. In fact, the American cybersecurity firm CrowdStrike recently reported that North Korean hackers stole $2.02 billion in 2025, marking a 51% hike from 2024.
According to the firm, the North Korean adversaries are the “most prevalent target intrusion threat” to financial services, with a focus on crypto. The report cited the capacity to execute and monetize theft at scale in crypto as the main incentive for the ongoing exploits.
CrowdStrike’s observations are broadly similar to those of CertiK, another security firm, which estimated that North Korean crypto activity rose by 60% in 2025.
Notably, the North Korean exploits were fewer last year, but included high-value attacks such as the Bybit and Safe Wallet hacks. In other words, the recent KelpDAO and Drift hacks could be among this year’s high-value targets.
Will North Korea’s military defraud the crypto industry?
CrowdStrike noted that the threat actors leverage malware and advanced social engineering to target victims. After a successful heist, the stolen funds are then laundered to support North Korea’s military ambitions.
According to CrowdStrike, the threat activity will persist in 2026.
These operations (hacks) will likely continue to intensify in 2026, as international sanctions against the DPRK and the country’s need to fund its military activities continue to drive aggressive cyber-enabled revenue generation activity.
In other words, some of the most viral crypto products may soon fall victim to North Korean hackers.
Strangely, crypto mixers, one of the favorite laundering mechanisms that the adversaries use, are also now a target. For instance, according to Web3 security investigator ZachXBT, Thorchain was recently compromised, and $10M was lost.
For the unfamiliar, Thorchain, Tornado Cash, and other crypto mixers hide the origins of funds. As such, they are part of the tools that help North Korean players like the Lazarus Group to cash out stolen funds.
However, regulating these platforms remains highly contested because of their non-custodial design, meaning developers don’t control the funds passing through them.
It remains to be seen how the final CLARITY Act will empower law enforcement agencies to police the sector and minimize North Korea’s impact while encouraging innovation at the same time.
Final Summary
CrowdStrike reported that North Korean adversaries intensified exploits by 51% and stole $2B in crypto funds in 2025.
The firm warned that the threats will continue in 2026, citing sanctions against North Korea.