North Korea Linked to Over $2 Billion in Cryptocurrency Theft in 2025, Says Chainalysis Report

Chainalysis released a report indicating that over $2 billion worth of cryptocurrency was stolen by North Korean hackers in 2025, despite a decline in the number of confirmed attacks. This revelation is part of a larger analysis showing that more than $3.4 billion in cryptocurrency was stolen globally from January to early December of the same year, highlighting a significant issue in the industry. A major factor contributing to the total was a single breach at the crypto exchange Bybit, which alone resulted in a loss of approximately $1.5 billion.

The report highlights a shift in the landscape of cryptocurrency theft, with personal wallet compromises becoming more prevalent over recent years, accounting for 44% of the total stolen value in 2024. However, the Bybit incident in 2025 skewed this distribution back towards centralized services, which made up 88% of stolen value in the first quarter. This underscores the ongoing challenge faced by these platforms regarding the security of private keys. Although such large-scale key compromises are infrequent, their impact can be severe, as seen in the Bybit case.

Chainalysis noted a significant disparity between typical crypto thefts and the largest attacks in 2025, with the ratio between the largest hack and the median incident exceeding 1,000 times in terms of the USD value of funds at the time of theft. Such a concentration of risk indicates that while the average size of incidents aligns moderately with asset prices, major breaches disproportionately affect annual loss totals. The top three hacks of the year constituted 69% of all service-related losses, illustrating the influence of individual breaches on the overall figures.

North Korea continues to be a prominent state-sponsored threat in the cryptocurrency space. In 2025, hackers linked to the Democratic People’s Republic of Korea (DPRK) managed to steal approximately $2.02 billion, marking a 51% increase from the previous year. This increase contrasts with a reduction in the number of confirmed incidents attributed to DPRK, pushing the lower-bound estimate of cryptocurrency stolen by the nation to $6.75 billion. The report attributes this efficiency to North Korea’s deployment of IT workers who infiltrate exchanges, custodians, and Web3 firms, gaining internal access that facilitates significant breaches.

The Chainalysis report also sheds light on North Korean laundering activities, revealing a preference for conducting transactions in smaller tranches. Although they steal large sums, over 60% of the volume is moved in amounts less than $500,000. Their laundering methods often involve Chinese-language financial services, cross-chain bridges, mixing services, and specialized platforms, reflecting a strategic and concentrated approach to managing stolen assets.

This trend towards fewer but larger attacks, particularly those involving state actors like North Korea, poses a growing challenge for the cryptocurrency industry. It calls for enhanced security measures and regulatory frameworks to mitigate risks associated with centralized service vulnerabilities and to address geopolitical threats.

Looking ahead, the findings from Chainalysis highlight the importance of strengthening security protocols and international cooperation to combat cryptocurrency theft effectively. As the industry evolves, it will be crucial for stakeholders to adapt to these emerging threats, ensuring robust defenses against both opportunistic and strategically planned breaches. The financial and regulatory communities will need to work collaboratively to develop comprehensive strategies that both safeguard digital assets and address the burgeoning role of state-sponsored actors in the cybercrime landscape.