In a year marked by unprecedented cyber aggression, hackers from the Democratic People’s Republic of Korea have plundered cryptocurrency platforms for billions, further cementing their status as the industry’s most prolific thieves.
Driven by the regime’s need to fund its nuclear weapons amid tightening international sanctions, hacker groups like Lazarus have refined their tactics to continuously exploit vulnerabilities in the global blockchain and crypto sector.
The scale of North Korea’s crypto operations in 2025 has shattered previous records. Chainalysis said North Korea-affiliated hackers stole more than $2.17 billion in crypto during the first half of 2025 — surpassing the total for all of 2024 and marking the worst year-to-date on record.
The crown jewel of this year’s heists was the Feb. 21 breach of Bybit, where hackers siphoned nearly $1.5 billion in Ethereum — the largest single crypto theft in history. This incident was followed by a string of similar attacks attributed to North Korea, including the recent $37 million hack of South Korean exchange Upbit.
Pyongyang’s state-led cyberattacks continue to escalate despite mounting international sanctions targeting the country, as well as individuals and entities involved in the acts.
“North Korea will always seek new vectors to steal funds on behalf of the regime, whether through fiat or crypto,” Andrew Fierman, head of national security intelligence at Chainalysis, told The Block. “Therefore, their mechanisms are forever evolving, and are highly sophisticated, diversified, and deeply embedded across jurisdictions.”
Fierman said sanctions alone are far from sufficient, and noted that disrupting North Korea’s rapidly evolving hacking and laundering ecosystem requires coordinated action across the entire industry — including exchanges, blockchain analytics firms and law enforcement. He added that the regime is expected to continue relying on crypto hacks as a core revenue stream.
Evolving tactics
Chainalysis said hacker groups linked to the DPRK adopted new and aggressive techniques this year, including coordinated supply-chain attacks targeting third-party service providers and fund custodians.
Their IT firm infiltration operations remain strong, seeping into AI, blockchain and defense sectors under false identities to gain access to company infrastructure or crypto reserves.
The DPRK’s crypto laundering route has also evolved in complexity, Chainalysis noted.
“Stolen funds follow diverse laundering paths, including mixing services, OTC brokers, chain-hopping, token swaps, decentralised exchanges, and bridge protocols to obscure flows,” Fierman said.
Fierman added that the hallmark of DPRK-linked crypto hacking operations is now the simultaneous use of multiple large-scale laundering channels, executed at speed to obscure the flow of stolen funds.
The blockchain security expert said evolving AI technologies could further fortify North Korean tactics. AI could assist DPRK hackers by crafting more convincing personas for identity-based infiltration and by automating the laundering process to make it both more complex and rapid.
Preventive measures
Fierman said one preventive approach that could actually work against the DPRK cyber actors is enhanced due diligence by companies. Mandatory video interviews, stricter identity-verification checks, IP and geolocation monitoring, and limits on opaque payment methods such as crypto can help platforms detect and block potential North Korean IT workers before they gain access, he said.
This due diligence can help identify inconsistencies, financial flows and access patterns of fraudulent IT workers from North Korea, according to the security expert.
“Ultimately, however, we should be realistic. As long as there is crime, illicit financial activity such as hacks will continue to occur,” Fierman said. “This is why close collaboration between platforms, private-sector, and law enforcement is critical. When intelligence is shared quickly, and response pathways are clear, illicit actors will have far fewer opportunities to deploy their tactics — acting as more of a deterrent for future activities.”
© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Trade Crypto On Coinhub Exchange
Trade Crypto On Coinhub Exchange
Stay ahead of the market by turning news insights into trading opportunities. With Coinhub Exchange, you can seamlessly buy, sell, and manage your digital assets, all in one secure platform. Take advantage of real-time market insights, deep liquidity, and fast execution for your favorite cryptocurrencies. Don’t just read about it — trade crypto now!
Disclaimer
The content of this article shown by Coinhub News, powered by The Block, is for informational purposes only and should not be construed as financial, legal, tax, or investment advice. Coinhub News and its affiliates are not a licensed financial advisor, legal advisor, broker, or tax advisor, and ... should not be considered as professional advice or a recommendation to engage in any specific investment, legal decision, or financial transaction. Cryptocurrency markets are highly speculative and volatile. Readers should perform their own independent research and consult with a qualified professional before making any financial or legal decisions. The opinions expressed in this article are those of the author and do not necessarily represent the views or opinions of the Company of its affiliates. Additionally, the Company does not make any representations or warranties regarding the accuracy, timeliness, reliability, or completeness of any information in this article. By accessing this content, you acknowledge that any reliance on the information contained in this article is solely at your own risk. The Company is not responsible for any financial losses, legal disputes, or other damages that may arise from reliance on this content or from any investment or legal decisions based on the information provided. Investing in cryptocurrencies involves substantial risks, including the risk of losing your entire investment, and you should carefully consider whether it is appropriate for your circumstances.
Read more
