Blockchain Analytics Company Chainalysis has released a new report detailing that the Crypto Industry has experienced one of the worst years on record and Stolen Funds continue to rise to alarming numbers. There are no signs to indicate that this trend will stop; What has caused this increase? A familiar and persistent adversary: the Democratic People’s Republic of Korea (DPRK).
In 2023 with all the large scale centralised breaches and advancement of newer attack types, once again we see that North Korea cybercriminals continue proving themselves out as the top apex predators within the cryptocurrency arena. The data reflects an industry that has been decimated by one nation state actor.
The Multi-Billion Dollar Drain
The sheer size of the 2025 cryptocurrency theft is truly astounding, totalling over $3.4 billion between January and early December. Though some may consider $3.4 billion as an alarming number by itself, a deeper examination of the the particular assets stolen shows that this was a strategically directed theft campaign initiated by state-sponsored actors.
North Korean hackers alone stole at least $2.02 billion in cryptocurrency this year. This represents a massive 51% increase year-over-year—an additional $681 million compared to 2024. This accomplishment indicates that it was the worst year for DPRK in terms of monetary loss from Crypto Theft. Overall, the cumulative estimate for funds stolen by the DPRK has now reached a mind-boggling $6.75 billion.
“The persistence of high theft volumes indicates that while some areas of crypto security may be improving, attackers continue to find success across multiple vectors,” the report noted.
The Bybit Behemoth
The bulk of the total losses experienced in 2025 are attributed to one catastrophic event. In February 2023, the centralized cryptocurrency exchange Bybit lost 1.5 billion dollars as a result of a major compromise of their systems. Due to this incident, almost half of the overall amount stolen during 2025 has been attributed to Bybit and implies that nearly 50% of the overall value in stolen funds would be classified as centralized exchanges failure rather than a true data-focused approach.
This “whale” attack highlights a disturbing trend: losses are becoming dramatically concentrated. The report found that the top three hacks in 2025 accounted for 69% of all service losses. The gap between a “typical” hack and a “catastrophic” one is widening; the funds stolen in the largest attacks are now 1,000 times larger than the median incident.
The “Insider” Threat
How are they doing it? The days of simple phishing emails are evolving into something far more insidious. Chainalysis points to a specific, highly effective vector: the infiltration of IT workers.
The North Korean government employs attack teams in the cryptocurrency space to provide illicit access to networks and other systems used by individuals and organizations involved in cryptocurrency activities. By acting as a legitimate developer or IT support person, North Korean operatives have free access to all internal systems, allowing them to commit major breaches of network security behind corporate firewalls. This “insider threat” allows them to bypass traditional perimeter defenses that exchanges spend millions to build.
A Distinct Laundering Playbook
Stealing the money is only half the battle; laundering it is the other. The massive influx of funds in 2025 has given researchers unprecedented visibility into how the DPRK cleans its digital loot. Unlike other cybercriminals who might prefer decentralized exchanges (DEXs) for their anonymity, North Korean hackers have a distinct preference for Chinese-language money laundering networks.
Data shows a heavy reliance on “guarantee services” and over-the-counter (OTC) traders in the Asia-Pacific region. Additionally, they aggressively utilize cross-chain bridges—tools that allow users to move assets between different blockchains—to complicate the tracing of funds. This is interestingly in that the criminals tend to stay away from DLPs (Decentralised Lending Protocols) while many others tend to use them, indicating that criminals are using different DLPs, therefore reflecting a difference in strategy that is dictated by their different goals and limitations.
The Shift to Personal Wallets
In today’s news, we hear about many big dollar cryptocurrency exchange hacks but also, there is a lot of bad news for individual users with personal wallets. The report states that “the number of personal wallets compromised had increased significantly”. Personal wallets represented approximately 7% of all stolen values in hacks in 2022. The number of personal wallets compromised due to hacking had increased to 44% by 2024. Even accounting for Bybit’s data flaws in 2025, personal wallets would still represent 37% of all stolen value. This represents an increase from 2022 and indicates that with exchanges like Bybit securing themselves better via stronger data protection measures, hackers have opted to target investors who have less sophisticated security measures.
The growth and increased value of digital assets has resulted in a significant increase in the amount of wealth stored digitally. The current level of development for these assets is now at a point where that investment can no longer be considered safe. The threat of losing your digital assets is more than just the technological challenges that led to the creation of digital assets; it is also about the systematic theft of wealth, perpetrated by governments and/or criminal organizations.




