North Korea-Linked Crypto Theft Surges 51% in 2025, Losses Cross $2 Billion

North Korea linked hackers were responsible for more than $2 billion in stolen cryptocurrency in 2025, marking a 51% jump from the previous year, according to a new report from cybersecurity firm CrowdStrike. Even though the number of attacks declined, the hackers managed to steal significantly larger amounts by targeting high-value crypto companies and platforms.

By Laurisa

Junior Author · May 15, 2026

2 min

Key takeaways

North Korean Hackers Become Biggest Crypto Threat in 2025 North Korea linked hackers were responsible for more than $2 billion in stolen cryptocurrency in 2025, marking a 51% jump from the previous year, according to a new report from cybersecurity firm CrowdStrike.

Even though the number of attacks declined, the hackers managed to steal significantly larger amounts by targeting high-value crypto companies and platforms.

CrowdStrike described North Korean state backed groups as the biggest cybersecurity threat facing the crypto industry in terms of money stolen.

North Korean Hackers Become Biggest Crypto Threat in 2025

North Korea linked hackers were responsible for more than $2 billion in stolen cryptocurrency in 2025, marking a 51% jump from the previous year, according to a new report from cybersecurity firm CrowdStrike. Even though the number of attacks declined, the hackers managed to steal significantly larger amounts by targeting high-value crypto companies and platforms.

CrowdStrike described North Korean state backed groups as the biggest cybersecurity threat facing the crypto industry in terms of money stolen. The firm said these groups appear to be focusing on fewer operations but choosing targets that can deliver massive returns.

*The countries most targeted by DPRK hackers*

Researchers also warned that the stolen money is likely being laundered and redirected to support North Korea’s military activities.

Crypto Exchanges and Web3 Firms Face Growing Risks

According to the report, crypto exchanges and Web3 projects remain major targets because digital assets can be moved quickly and with more anonymity than traditional banking systems. Hackers are increasingly using malware, fake job applications, phishing campaigns and social engineering tricks to gain access.

In April, the Ethereum Foundation reportedly identified around 100 North Korea-linked hackers connected to crypto projects.

Drift Protocol Attack Highlights New Tactics

One of the most alarming cases involved Drift Protocol, a decentralized exchange that was reportedly infiltrated by North Korean-linked technology workers. The platform said team members met the suspected operatives at a major crypto conference and worked with them for nearly six months before systems were compromised.

Drift Protocol said malware deployed by the attackers led to roughly $280 million in losses. The company added that people involved in face-to-face meetings were reportedly intermediaries, not North Korean nationals directly.

Blockchain investigator ZachXBT also reported that North Korean IT workers were earning nearly $1 million every month by quietly working at technology and crypto firms, raising fresh concerns about insider threats across the industry.

How markets are positioning

Live market reaction

🛢️WTI Crude

+3.4% ▲

★Gold

+1.8% ▲

₿Bitcoin

-1.8% ▼

$DXY

+0.6% ▲

Disclaimer

This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.

Exclusive partner offer