$2 Billion in One Year: Inside North Korea’s Expanding Crypto Heist
I still remember the first time I saw a wallet get drained in real time. The balance blinked, refreshed, and then it was gone. No chargeback. No undo button. Just empty. That feeling sums up why this story matters.
For the second year in a row, North Korea has smashed its own crypto crime record. New research shows the country stole $2.02 billion in cryptocurrency in 2025 alone. That is more than last year. More than ever before.
According to a new report from blockchain tracking firm Chainalysis, North Korea blew past its previous record of $1.3 billion in stolen bitcoin, ethereum, and other digital assets.
Add it all up, and the country has now taken around $6.75 billion in crypto over time. Globally, total crypto theft this year hit $3.4 billion, and North Korea is responsible for a huge slice of that pie.
But One attack stands out.
In February, hackers tied to North Korea hit Bybit, a Dubai based crypto exchange. The theft was massive. Around $1.5 billion, mostly in ethereum, vanished in a single strike. Bybit’s CEO later confirmed the scale of the damage. The U.S. Secret Service says the attackers were part of North Korea’s elite state backed hacking unit.
2/ The DPRK is achieving larger thefts with fewer incidents. The Bybit hack alone accounted for $1.5B, showing their focus on high-impact targets. pic.twitter.com/QOL1R5Ntf5
— Chainalysis (@chainalysis) December 18, 2025
Chainalysis spends its days following these money trails. They track stolen funds as they jump from wallet to wallet, twist through mixers, and slowly disappear into the shadows. It is a digital cat and mouse game, and the mouse is very good.
The bigger picture is not new. The United Nations and private researchers have accused North Korea for years of using crypto theft to fund its nuclear and missile programs. With heavy sanctions and few trading partners, hacking has become a key revenue stream.
“It’s very difficult to stop,” said Matt Pearl from the Center for Strategic and International Studies. North Korea is isolated, unpredictable, and largely immune to outside pressure. That makes deterrence almost impossible.
One tactic getting more attention now is quieter, and scarier.
Chainalysis says some North Korean hackers fake their way into remote tech jobs at international companies. Once inside, they gain access. Credentials. Passkeys. Internal systems. That access can be enough to help their teammates drain wallets and send funds straight back to Pyongyang.
Yes, other countries have hackers too. Chinese groups have been linked to Covid relief fraud. Russian cybercriminals have faced accusations of Kremlin ties. But this is different.
No other nation runs a full scale, government backed crypto theft operation like North Korea. Their hackers work directly for the state. The sums are huge. The targets are global.
Leaked documents have shown that North Korea also runs some of the most advanced money laundering networks in the world. And crypto makes their job easier.
Exchanges hold enormous amounts of digital assets in one place. Wallets are controlled by passkeys. If those keys are compromised, funds can be moved in seconds. And once they are gone, they are usually gone for good. There is no bank to call. No fraud department to reverse the transaction.
Chainalysis put it bluntly. Even with professional security teams and deep resources, crypto platforms remain vulnerable because of this basic flaw.
And the future does not look calmer.
Pearl says North Korea is already under maximum sanctions. There is not much left to threaten them with. That removes the fear factor.
“The traditional tools we have had have not worked,” he said. “I think we’re going to continue to see this.”
In crypto, speed is power. And right now, the fastest hands in the room belong to a country that has nothing left to lose.
