According to a report by Bloomberg, researchers pointed out that North Korean hackers stole as much as $2 billion in cryptocurrency this year, setting a new record, significantly up from 2024, indicating that the country's ability to conduct large-scale cryptocurrency theft is increasing.

According to a report by blockchain analysis company Chainalysis, a significant portion of the amount comes from the incident in February, considered the largest hacking event in cryptocurrency history: North Korean hackers stole about $1.5 billion from the cryptocurrency exchange Bybit. The research institution stated that this incident has also raised the total amount of cryptocurrency stolen by North Korea since records began to at least $6.75 billion.

The report indicates that North Korea "remains the largest national-level threat to cryptocurrency security." Research shows that the cryptocurrency assets obtained through theft have increased by over 50% compared to last year, accounting for the largest share of the estimated $3.4 billion in stolen funds in the cryptocurrency industry from January to early December.

Source: Chainalysis

Researchers noted that although the number of North Korea-related thefts revealed this year is fewer, the country’s long-term practice of placing IT workers in cryptocurrency service companies to obtain privileged access has still helped it successfully launch several significant cybersecurity intrusions.

Andrew Fierman, the head of national security intelligence at Chainalysis, stated in an email to Bloomberg News:

"Stealing cryptocurrency has become a highly profitable way for North Korea to raise funds. Therefore, the proceeds from these hacker attacks further support the regime and its large-scale weapons of mass destruction program."

Chainalysis stated that the large flow of stolen funds appearing in early 2025 allowed researchers to observe for the first time how North Korean hackers launder large amounts of cryptocurrency. They employed highly complex methods, including splitting on-chain payments into smaller multiple amounts to reduce the chance of being flagged as suspicious transactions.

Chainalysis wrote:

"The money laundering activities of the DPRK (North Korea) show a distinct feature of amount segmentation, with slightly over 60% of the transaction volume concentrated in single transfer amounts below $500,000. In contrast, other fund stealers have over 60% of their funds transferred on-chain in segmented amounts of over $1 million to $10 million. Although the scale of funds stolen by North Korea is consistently higher than that of other threat actors, their deliberate splitting of on-chain payments into smaller amounts shows that their money laundering methods are quite sophisticated."

Last month, South Korea's largest cryptocurrency exchange, Upbit, reported that its platform had been attacked by hackers, coinciding with the day after the company announced it would be acquired by Naver, with approximately $30 million in digital assets being transferred away. South Korean media reported that the suspected North Korean hacker group 'Lazarus Group' was behind this theft.

Related reports: (Paradigm researchers unveil the mystery behind North Korean hackers, it's not just the Lazarus Group!)

Source