Corea del Norte Roba Al Menos 2,020 Millones De Dólares En Criptomonedas En 2025

In 2025, the crypto market saw “otro año difícil” as stolen funds continued rising, with Chainalysis reporting that “Corea del Norte” stole “al menos 2,020 millones de dólares en criptomonedas.”

“Source: DeFiLlama The concentration of losses in a handful of large DeFi incidents shows how a small number of attacks can still overwhelm broader security improvements across the sector”

Cointelegraph

The EL CEO report says the Chainalysis analysis found a shift in theft patterns, including “la persistencia Corea del Norte como principal agente de amenaza” and “la creciente gravedad de los ataques individuales a servicios centralizados.”

Cointelegraph

It also links the thefts to state priorities, stating that “La ONU y las agencias de inteligencia estiman que estos fondos robados ayudan a financiar los programas de armamento de ese país.”

The same report puts North Korea’s total crypto theft at “6,750 millones de dólares,” and says the attacks accounted for “un récord del 76% de todos los servicios comprometidos.”

It adds that North Korean hackers often launder money in “tramos más pequeños (por debajo de un valor de transferencia de 500,000 dólares),” describing this as evidence of “sofisticación.”

The report further claims North Korea has “intensificado su práctica de infiltrar trabajadores de TI en los servicios de criptomonedas con el fin de obtener acceso y permitir robos de gran impacto.”

It contrasts the number of wallet thefts with the value stolen, saying “el número de robos a carteras personales incrementó hasta los 158,000 en 2025” while the value fell from “1,500 millones de dólares” in 2024 to “713 millones de dólares” in 2025.

By April 2026, crypto thefts and exploits accelerated again, with multiple outlets tying the month’s losses to a small set of large incidents.

Phemex says the industry suffered “606,2 millions de dollars” in losses “à cause de piratages et d’exploits lors des 18 premiers jours d’avril 2026,” calling it “un record depuis février 2025.”

Cryptonews.net

It states that “Deux incidents sont responsables de 95 % de ces pertes,” naming “Drift Protocol sur Solana (285 M$ le 1er avril)” and “le pont rsETH de Kelp (292 M$ le 18 avril).”

The same report says these events bring “le total des vols en 2026 à 771,8 M$ répartis sur 47 incidents en quatre mois et demi,” while noting that “la même période en 2025 comptait 28 incidents totalisant environ 1,75 milliard de dollars.”

Cryptonews.net and Cointelegraph both cite DeFiLlama totals for April, with Cryptonews.net saying “$629.7 million” and calling it “the highest since $1.47 billion in February 2025.”

Cointelegraph likewise frames April as the worst month since February 2025, stating “Crypto hack losses top $630M in April, highest since February 2025” and repeating the DeFiLlama figure “$629.7 million.”

Across the reporting, the month’s pattern is consistent: a handful of high-value DeFi incidents drive the majority of losses, with Phemex emphasizing “Deux exploits totalisent à eux seuls 577 M$ sur les 606,2 M$ de pertes.”

The April 2026 losses were driven by two named incidents, and the sources describe different technical mechanisms behind each exploit.

“El mercado de las criptomonedas enfrentó otro año difícil en 2025, con fondos robados continuando su trayectoria ascendente, siendo Corea del Norte el país que robó al menos 2,020 millones de dólares en criptomonedas, de acuerdo con el reporte de Chainalysis, empresa líder en análisis de datos blockchain”

EL CEO

Phemex says the “manipulation d’oracle” on Drift enabled theft of “285 M$” by injecting “des prix manipulés via des paires faiblement liquides,” which “déclenchant des liquidations en cascade que le moteur de risque n’a pas pu stopper.”

It adds that the attack sequence “a duré moins de 90 secondes (dans un même lot de blocs Solana)” and that “les coupe-circuits n’étaient pas calibrés pour des mouvements de prix aussi soudains.”

Phemex also describes Drift’s oracle design as relying on “une moyenne pondérée de plusieurs flux de prix pour déterminer le mark price des contrats,” and says the attacker pushed reference prices on “trois paires Solana peu liquides” to distort the mark price of “BTC-PERP.”

For Kelp, Phemex says the exploit hit the “pont rsETH de liquid restaking” and involved “une faille de vérification des messages” that allowed “la validation de preuves de retrait falsifiées.”

It describes a specific method: the attacker submitted “une preuve fictive d’un dépôt massif d’rsETH sur une chaîne puis a retiré les fonds sur l’autre,” and says the bridge contract validated the proofs because “la vérification du Merkle root n’était pas correctement effectuée.”

LaRepublica.co quotes Drift’s own statement on X, saying “Earlier today, a malicious actor gained unauthorized access to the Drift Protocol through a novel attack involving long-lived nonces,” and adds that the takeover involved “administrative powers of Drift’s Security Council.”

While Drift and Kelp dominated the headline numbers, other DeFi incidents described in the sources show how losses extended across multiple platforms and chains.

Yellow reports that Volo Protocol, a “plateforme de liquid staking sur Sui,” said an attacker “avait vidé environ 3,5 millions de dollars de trois de ses coffres mercredi,” and that the team “a gelé tous les coffres et alerté la Sui Foundation.”

LaRepublica.co

Yellow specifies which assets were stolen, saying the assets included “Wrapped Bitcoin (WBTC), le jeton adossé à l’or XAUm et l’USD Coin (USDC),” and notes that “Seuls trois coffres ont été touchés.”

Cointelegraph and Cryptonews.net describe additional April attacks beyond the two largest incidents, including Wasabi Protocol, Sweat Economy, and Aftermath Finance.

Cointelegraph says Wasabi Protocol was “drained of around $5.5 million across Ethereum, Base, Blast and Berachain networks,” and says Sweat Economy “reportedly lost $3.46 million, or about 65% of its liquidity pool, in under 30 seconds.”

It also says Aftermath Finance suffered an exploit on its perpetuals platform, where “the attacker drained about $1.1 million in USDC across 11 transactions in roughly 36 minutes,” citing Blockaid.

Cointelegraph quotes Chainalysis head of security solutions Yaniv Nissenboim saying, “What connects these incidents is that well-resourced attackers are finding novel ways to exploit the seams between on-chain protocols and the offchain systems they depend on.”

Alongside the technical and financial fallout from hacks, the sources describe regulatory and enforcement actions that are tightening pressure on crypto activity.

“Pirateries Crypto d’Avril 2026 : 606 M$ perdus en 18 jours, un record depuis février 2025 L’industrie crypto a subi des pertes estimées à 606,2 millions de dollars à cause de piratages et d’exploits lors des 18 premiers jours d’avril 2026”

Phemex

The Crypto Basic report says Malaysia removed Bybit from its investor warning list, with CEO Ben Zhou confirming the update on X and stating the decision followed “constructive” engagement with the Securities Commission Malaysia.

Phemex

It says Bybit was first added to the investor alert list in 2021 for operating without proper authorization, and that it “ceased operations in Malaysia in December 2025 following regulatory pressure.”

The report also states that Bybit has taken steps to strengthen its local presence, including “an investment in Hata, a licensed trading platform,” and says Zhou emphasized that “strong regulatory compliance is essential for sustainable growth.”

On the enforcement side, Crypto Basic says the United States seized “nearly $500 million in Iranian digital assets,” and quotes Treasury Secretary Scott Bessent disclosing the figure during an interview with Fox Business, linking the seizures to “Operation Economic Fury.”

It adds that the operation was “Launched under an executive order by Donald Trump in March 2025,” and says it includes “asset seizures, account freezes, and sanctions targeting countries that purchase Iranian oil.”

The same report says the newly reported total “exceeds earlier estimates of $344 million,” and that “Tether confirmed it had frozen more than $344 million in USDT at the request of US authorities.”