$2.02 Billion Stolen in 2025, Chainalysis Reports

In a staggering escalation of state-sponsored cybercrime, North Korean hackers stole a record $2.02 billion in cryptocurrency during 2025, according to Chainalysis’s preview of the 2026 Crypto Crime Report released on December 18, 2025. This marks a 51% increase from 2024 and pushes the DPRK’s cumulative theft since tracking began to approximately $6.75 billion.

North Korea accounted for roughly 59-60% of the total $3.4 billion stolen globally in hacks that year, with DPRK-linked actors responsible for a record 76% of all service-level compromises by value. The report highlights a strategic shift: fewer attacks but higher impact, including the massive $1.5 billion Bybit breach in February – the largest single crypto heist ever.

Key Statistics from the 2025 Report

Total Global Stolen Funds: Over $3.4 billion from January to early December 2025.
North Korea’s Share: At least $2.02 billion, up $681 million from 2024.
Attack Frequency: 74% fewer known incidents than previous years, yet value stolen surged due to targeted, high-value breaches.
Personal Wallet Compromises: Surged to **158,000 incidents** (triple 2022 levels), affecting ~80,000 unique victims, though value stolen per victim declined (total ~$713 million, down 52% from 2024 peak).
Service-Level Focus: DPRK dominated centralized exchanges and custodians, with the top three hacks (including Bybit) comprising 69% of losses.

These figures underscore North Korea’s role as the most prolific nation-state threat, using stolen funds to evade sanctions and support state priorities, including weapons programs.

Evolving Tactics: From DeFi Exploits to Insider Infiltration

North Korean groups like Lazarus have pivoted from DeFi vulnerabilities (suppressed by improved security) to centralized services and personal wallets. A major vector is “Wagemole” – embedding fake IT workers inside crypto firms for privileged access, accelerating breaches. Hackers pose as recruiters for Web3 jobs, conduct fake technical interviews, or impersonate investors/executives to steal keys, code, or funds.

This social engineering mirrors past operations like Operation Dream Job, but with greater sophistication. The Bybit hack alone—$1.5 billion—exemplifies the damage from insider-like access.

Implications for the Crypto Ecosystem

The report warns that DPRK’s predictable laundering (45-day cycles via Chinese OTC brokers, mixers, and bridges) offers detection opportunities, but their efficiency – often using AI for fluidity – complicates interception. Personal wallet attacks rose sharply (from 7% of value in 2022 to peaks of 44% in 2024, settling at 20-37% in 2025 excluding outliers), driven by phishing and malware.

For 2026, Chainalysis urges enhanced defenses against infiltration and better user education on wallet security. As volumes grow, such threats could undermine trust, especially with DPRK achieving outsized results from fewer strikes.

North Korea’s 2025 haul cements its dominance in crypto crime, stealing more with precision amid a $3.4 billion global loss year. As tactics evolve toward human vulnerabilities, the industry must adapt – or risk even larger breaches ahead.

Also read:

Author: Slava Vasipenok
Founder and CEO of QUASA (quasa.io) – Daily insights on Web3, AI, Crypto, and Freelance. Stay updated on finance, technology trends, and creator tools – with sources and real value.

Innovative entrepreneur with over 20 years of experience in IT, fintech, and blockchain. Specializes in decentralized solutions for freelancing, helping to overcome the barriers of traditional finance, especially in developing regions.

This is not financial or investment advice. Always do your own research (DYOR).