For the second year in a row, North Korea’s vast cryptocurrency hacking operation has broken its own record, stealing $2.02 billion in 2025, new research says.
A report published Thursday by the blockchain watchdog company Chainalysis found that North Korea broke its own record of $1.3 billion in hacked and stolen crypto like bitcoin and ethereum. That brings the country’s total stolen crypto to around $6.75 billion, the report said. The total amount of stolen crypto around the globe rose to $3.4 billion.
A significant chunk of that comes from the hack of the Dubai-based cryptocurrency exchange Bybit this year. The hackers — who worked for North Korea’s elite government hacking squad, according to the U.S. Secret Service — stole around $1.5 billion, mostly in ethereum, in February, Bybit’s CEO said.
Chainalysis is one of a growing number of companies that map out the sprawling network of cryptocurrency transactions, including tracing hacked funds as they’re laundered by criminals.
The United Nations and private researchers have long accused North Korea, which is beset by international sanctions and has relations with only a handful of countries, of deploying its hackers to steal cryptocurrency to help fund its nuclear weapons and missile programs.
“It’s very difficult to stop, because there’s an asymmetry where they’re in general so cut off from the world and such a rogue state,” said Matt Pearl, the director of the Strategic Technologies Program at the Center for Strategic and International Studies, a national security think tank.
Part of the theft is most likely due to the increasingly common phenomenon of North Korean hackers’ fraudulently obtaining remote technical jobs with international companies, the report said. That access can put them in positions to give their hacker colleagues a foothold to steal cryptocurrency passkeys and wire crypto to Pyongyang.
There are scattered incidents of other countries’ professional hackers’ stealing large amounts of money. The Secret Service previously linked Chinese government hackers to an operation that stole U.S. Covid relief benefits, and the U.S. and U.K. governments have accused some financially motivated Russian cybercriminals of ties to the Kremlin.
But no country has an alleged operation like North Korea’s, whose hackers working directly for the government routinely steal such large sums from companies around the world.
Leaked documents have previously shown that North Korea has deployed some of the most sophisticated international money laundering operations on the planet.
Crypto is also generally much easier to launder at a large scale than traditional currency. Exchanges often hold it in vast sums, making them extremely ripe targets for North Korea.
Cryptocurrencies are stored in wallets, or accounts that can be accessed with passkeys, and it remains the case that if hackers gain control of an account, they can quickly wire it to a different wallet that they own. Unlike with traditional finance, there are few ways to reverse a fraudulent transaction.
“Despite their institutional resources and professional security teams, these platforms remain vulnerable because of this fundamental security challenge,” the Chainalysis report found.
Pearl said that given that North Korea is already under extreme sanctions, there’s little left to deter it from continuing to hack digital assets to fund its military operations.
“Obviously, the traditional tools we have had have not worked,” Pearl said. “I think we’re going to continue to see this.”
