Last Updated: December 26, 2025
North Korean-linked hackers stole an estimated $2 billion in cryptocurrency in 2025, making it the worst year on record for state-sponsored crypto theft, according to blockchain security analysts.
Research from firms including Chainalysis and TRM Labs shows that North Korea-linked actors accounted for the largest share of global crypto losses this year. Reporting by NBC News confirms the pace of attacks accelerated throughout 2025, with losses reaching into the billions.
The surge has raised serious concerns around exchange security, DeFi vulnerabilities, regulatory oversight, and investor protection, highlighting crypto’s growing role in geopolitical risk.
Record-Breaking Crypto Theft in 2025
Throughout 2025, multiple major security incidents were traced back to North Korea-linked hacking groups, most commonly associated with the Lazarus Group and its affiliates. Investigations cited by Reuters indicate that these actors surpassed previous annual records for crypto theft, targeting a wide range of platforms across the ecosystem.
Targets included:
- Centralized exchanges
- DeFi protocols
- Cross-chain bridges
- Custodial and private wallets
However, newer findings reported by IDN Financials show that attackers increasingly shifted their focus toward private and self-custody wallets in the second half of the year.
According to that report, approximately 26,500 individual wallets were identified as victims of North Korea–linked crypto thefts in 2025. It highlights a growing risk for individual users alongside institutional platforms.
Once compromised, stolen funds were rapidly moved across multiple blockchains and laundered using mixers and complex transaction routing. These laundering techniques have been extensively documented by blockchain intelligence firm Elliptic, which tracks state-linked crypto crime.
Estimated Impact of North Korean Crypto Hacks in 2025
| Category | Estimated Impact |
| Total crypto stolen | ~$2 billion |
| Estimated victims | ~26,500 wallets |
| Primary targets | Exchanges, DeFi protocols, private wallets |
| Common assets | ETH, stablecoins, wrapped tokens |
| Attribution | State-linked North Korean hacking groups |
| Key methods | Smart contract exploits, phishing, malware, and social engineering |
Figures reflect aggregated estimates from blockchain security, media, and analytics reports released during 2025.
Why Crypto Is Being Targeted in North Korea
Cryptocurrencies remain attractive to North Korea due to international sanctions limiting access to traditional finance. Digital assets enable faster cross-border transfers and fewer intermediaries.
The United Nations Panel of Experts and the Financial Action Task Force (FATF) have warned that stolen crypto may be used to support state activities, raising broader global security concerns.
How the Attacks Worked
- Exchange breaches: Credential theft, insider access, delayed updates
- DeFi exploits: Smart contract and governance flaws
- Bridge attacks: Large liquidity pools drained quickly
- Phishing & malware: Targeting developers, recruiters, and users
Security firm CertiK reports that bridge exploits made up a significant share of DeFi losses in 2025.
What Crypto Investors Must Know
The events of 2025 highlight several important considerations for investors navigating digital asset markets.
Security risks are structural.
Even well-established platforms are not immune to sophisticated attacks, and overexposure to a single exchange or protocol can amplify losses during security incidents.
Self-custody demands discipline.
While self-custody reduces counterparty risk, it also places full responsibility on users. The growing number of private wallet victims in 2025 underscores the importance of strong key management and phishing awareness.
Transparency and audits matter.
Platforms that publish regular audits, incident disclosures, and clear governance frameworks tend to respond more effectively when breaches occur.
Regulatory pressure is likely to increase.
Ongoing state-linked hacking activity may accelerate tighter compliance requirements, influencing how exchanges and DeFi platforms operate going forward.
Why This Marks a Turning Point
The $2 billion stolen in 2025 shows that crypto is now firmly tied to global security and geopolitical risk. As the industry matures, innovation must be matched with stronger security and governance.
For investors, awareness, diversification, and cautious platform use remain essential.
Disclaimer:
This article is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency investments carry risk, and readers should conduct their own research.