**North Korean Hackers Steal Record $2 Billion in Cryptocurrency in 2025**

The year 2025 will go down in history as one of the most devastating years for cryptocurrency thefts, with North Korean hackers making off with a staggering $2 billion. According to a new report by Chainalysis, this figure represents a 51% increase over 2024 and pushes the Democratic People's Republic of Korea's (DPRK) all-time haul to an astonishing $6.75 billion.

What's even more striking is that large-scale attacks have become a hallmark of North Korean hacking efforts. Unlike other cybercriminals, who tend to engage in frequent but smaller-scale thefts, DPRK-linked actors prefer large, centralized crypto services as their targets. This strategy prioritizes impact over frequency.

The report highlights the significance of the March 2025 hack on Bybit, which resulted in a massive loss of $1.4 billion. It's clear that North Korea's hackers have honed their skills and have become increasingly sophisticated, opting for fewer but more substantial attacks.

**How They Launder the Cash: A Complex Web of Regional Facilitators**

One of the most fascinating aspects of North Korean hacking efforts is how they launder their stolen funds. While other hackers tend to distribute stolen assets in large onchain transfers, DPRK actors have developed a unique approach, consistently moving funds in smaller tranches below $500,000.

This strategy suggests that North Korea's hackers have become increasingly reliant on regional facilitators and specialized services, such as Chinese-language guarantee services, brokers, over-the-counter networks, bridges, and mixing services. In contrast to other cybercriminals, who often use decentralized exchanges (DEX) and peer-to-peer platforms, DPRK actors largely avoid these options.

**The Role of AI in North Korea's Hacking Efforts**

Earlier this year, CoinDesk reported on how North Korea is leveraging AI as a "superpower" in its hacking efforts. Andrew Fierman, head of national security intelligence at Chainalysis, noted that the consistency and fluidity of North Korea's laundering operations are indicative of the use of AI.

"The mechanism by which the laundering is structured, and the scale at which it is done, creates a workflow that combines mixers, DeFi protocols, and bridges early on in the laundering process to convert funds across various crypto assets," Fierman explained.

**A 45-Day Laundering Window: A Timeline for Interception**

Analysis of post-hack activity reveals that major North Korean thefts typically unfold over a roughly 45-day laundering window. This timeline provides valuable intelligence for law enforcement and compliance teams seeking to intercept stolen funds before they are fully cashed out.

**A Shifting Threat Landscape: Mass, Low-Value Theft vs. Rare but Catastrophic Breaches**

As the year comes to a close, it's clear that North Korea's crypto hacking efforts show no signs of slowing down. The report's findings point to an increasingly polarized threat environment, with mass, low-value thefts from individuals on one end and rare but catastrophic service-level breaches on the other.

The statistics are stark: personal wallet compromises accounted for 20% of total value stolen in 2025, down from 44% last year. While the number of incidents surged to 158,000, the dollar value taken from individual victims fell 52% to $713 million.