North Korean Hackers Steal Record $2 Billion in Cryptocurrency During 2025

In a stark illustration of the escalating cybersecurity threats within the digital asset space, North Korean-linked hackers have stolen a record $2 billion in cryptocurrency during 2025, according to analysis from blockchain intelligence firm Chainalysis. This unprecedented figure represents a significant escalation in state-sponsored crypto theft, with attackers demonstrating a clear preference for high-impact operations targeting centralized service providers.

What We Know

According to Chainalysis, North Korean threat actors executed a series of massive cyberattacks throughout 2025 that culminated in the record-breaking theft total. Rather than conducting numerous small-scale operations, these hackers employed a strategy focused on rare but extremely damaging attacks. This tactical approach proved devastatingly effective, with a single breach accounting for the majority of the year's losses.

The most significant incident involved cryptocurrency exchange Bybit, which suffered a $1.4 billion breach—the largest single theft in the record-setting year. This massive attack served as the primary driver behind 2025's record crypto theft losses attributed to North Korean actors. The Bybit breach alone represents over two-thirds of the total stolen amount, underscoring how centralized service providers remain primary targets for state-sponsored hacking operations.

Key Details

The targeting of centralized exchanges and services represents a strategic shift in how North Korean hackers approach cryptocurrency theft. By focusing on major platforms with substantial user deposits instead of dispersing efforts across multiple smaller targets, these actors have demonstrated a sophisticated understanding of where cryptocurrency holdings are concentrated.

The $2 billion figure surpasses previous annual records for North Korean crypto theft, highlighting an alarming trend in the sophistication and capability of these operations. Chainalysis, which tracks blockchain transactions and identifies patterns of illicit activity, has established itself as a leading authority in documenting these attacks and attributing them to North Korean threat actors through technical analysis and transaction pattern recognition.

The preference for targeting centralized services also suggests that while the crypto industry has made strides in decentralization, major exchanges and custodial platforms continue to represent significant security vulnerabilities that can be exploited by well-resourced threat actors.

Why This Matters

The record $2 billion theft demonstrates that cybersecurity remains the cryptocurrency industry's Achilles' heel. As digital assets grow in value and mainstream adoption increases, they simultaneously become more attractive targets for state-sponsored actors seeking to fund their operations while evading international sanctions.

North Korea's reliance on cryptocurrency theft as a funding mechanism underscores how blockchain technology, while designed to be secure and transparent, can be exploited by sophisticated actors with state-level resources. The scale of these thefts—particularly the Bybit breach—suggests that even major, well-funded exchanges face significant challenges in protecting customer assets against determined adversaries.

For investors and cryptocurrency users, these findings reinforce the importance of understanding counterparty risk when using centralized platforms. For regulators and policymakers, the data highlights the urgent need for enhanced security standards, improved threat intelligence sharing, and stronger measures to prevent stolen cryptocurrency from entering legitimate financial systems.