North Korea-Linked Hackers Stole $2.02 Billion in Crypto in 2025, Losses Up 51%

North Korea-linked hackers intensified their footprint in the crypto ecosystem during 2025, delivering losses exceeding $2 billion and marking a 51% year-over-year rise, according to CrowdStrike’s 2026 Financial Services Threat Landscape Report cited by MEXC.

“Record crypto theft in 2025: more than $2 billion in cryptocurrencies stolen by North Korea, a threat that upends global financial security”

BDOR

SecurityBrief UK said CrowdStrike found North Korea-linked attackers stole USD $2.02 billion in digital assets in 2025 and described it as a 51% year-on-year increase.

BDOR

MEXC also reported that the DPRK threat network pursued fewer campaigns than in previous years while focusing on high-value targets and tightening the chain from theft to cash-out.

In the same CrowdStrike framing, SecurityBrief UK highlighted that one incident linked to PRESSURE CHOLLIMA accounted for USD $1.46 billion in cryptocurrency losses and said the theft was carried out through trojanised software distributed in a supply chain compromise.

MEXC further said stolen proceeds are believed to be laundered to fund the regime’s military programs, positioning DPRK-linked actors as the largest threat by the dollar value of assets stolen.

MEXC described a shift toward high-value targets and said Web3 projects and cryptocurrency exchanges were favored targets due to easier liquidity and greater anonymity when cashing out.

CertiK, as quoted by Decrypt, said North Korea-linked hackers were responsible for 60% of all crypto theft losses in 2025, totaling $2.06 billion in attributed losses, and said social engineering was the “dominant attack vector.”

Cointelegraph

Decrypt also tied the laundering speed to a “large-scale laundering infrastructure” including decentralized exchanges and cross-chain bridges, adding that in one major case “86% of funds were laundered within just one month.”

SecurityBrief UK said North Korea-linked operators used AI-generated identities, recruiter personas and synthetic video conferencing settings to target cryptocurrency exchanges, fintech platforms and consumer banks.

In that same SecurityBrief UK account, Adam Meyers of CrowdStrike said, "Financial services organizations face threats from every direction and AI is making each of them harder to stop," framing AI as a force that accelerates deception and credential theft.

Chainalysis analysis cited by El Cronista said cryptocurrency theft reached an all-time high in 2025, surpassing USD 3.4 billion globally between January and early December, and warned that this raised risks for individual users and digital asset platforms.

“## Market Snapshot The “Total Crypto Hack Value in 2026” market indicates a 70% YES for hacks exceeding $1”

Crypto Briefing

El Cronista reported that North Korea-linked hackers stole at least USD 2.02 billion during 2025, a 51% year-over-year increase, and accounted for 76% of attacks on services, raising the historical accumulated amount of thefts attributed to that country to USD 6.75 billion.

The same Chainalysis analysis said there were 158,000 theft incidents in 2025 and at least 80,000 unique victims, while the amount stolen from individual users fell to USD 713 million.

DiarioBitcoin added that the bulk of the loot came from the Bybit exchange hack, which lost between USD 1.4 and 1.5 billion in a single incident and said the attack was part of a set of major breaches that accounted for about 69% of total losses in centralized services during 2025.

El Cronista concluded that centralized services remained particularly vulnerable, noting that during the first quarter of 2025 private key compromises accounted for 88% of losses, even as DeFi losses slowed while total value locked rose again.