North Korea Linked to $2B in Crypto Hacks in 2025: CertiK
Peter Zhang May 12, 2026 14:00
CertiK reports North Korea stole $2.06B in crypto in 2025, accounting for 60% of global hack losses, funding nuclear programs.
North Korea-linked hackers were responsible for approximately $2.06 billion in cryptocurrency thefts in 2025, accounting for 60% of global crypto hack losses, according to blockchain security firm CertiK. The stolen funds reportedly played a key role in financing the country’s nuclear and missile programs, highlighting the nation’s increasing reliance on illicit digital asset operations for state revenue.
The findings are part of CertiK’s latest Skynet report, which tracked $3.4 billion in total crypto-related security breaches across 656 incidents during 2025. North Korea-linked groups were involved in just 12% of these incidents but accounted for the majority of the overall value stolen. CertiK described this as a shift toward "precision and scale," with fewer attacks targeting larger pools of capital.
The most significant heist of the year, the Bybit exploit in February 2025, resulted in $1.5 billion in losses. CertiK attributed the attack to North Korea’s TraderTraitor cluster, which leveraged a supply chain compromise of a third-party signing provider. Onchain analysis found that 86% of the stolen Ether was converted into Bitcoin within 30 days, utilizing a combination of mixing services, cross-chain bridges, and OTC brokers to obscure the funds’ origins.
From Phishing to Physical Infiltration
CertiK’s report also highlights a notable evolution in hacking tactics. While social engineering remains a core strategy—examples include fake job offers and malware-laden PDFs—recent operations have incorporated more sophisticated methods, including physical infiltration. The April 2026 Drift Protocol exploit, which drained $285 million from a Solana-based platform, involved a six-month campaign with attackers attending conferences, building relationships, and exploiting governance mechanisms.
Jonathan Riss, a blockchain intelligence analyst at CertiK, warned that North Korean IT workers, often posing as legitimate professionals, are infiltrating Western crypto and fintech companies. These trusted insider roles allow them to execute highly targeted attacks.
A Broader Security Threat
Beyond financial damage, the report underscores the geopolitical implications of these thefts. Both United Nations monitors and U.S. intelligence assessments confirm that proceeds from North Korea’s crypto operations are funneled into its nuclear and ballistic missile programs. CertiK’s analysis suggests that cryptocurrency theft has become a core pillar of the regime’s external income strategy, effectively "industrializing" these operations.
Since 2016, North Korea-linked hackers have reportedly stolen $6.75 billion across 263 documented incidents, according to onchain researcher Taylor Monahan. The scale and sophistication of these operations elevate them from a cybersecurity issue to an international security concern.
As digital assets grow in prominence, the risks associated with state-sponsored cybercrime are expected to increase. CertiK predicts that tools like deepfakes and supply chain attacks will further fuel crypto-related losses in 2026, posing ongoing challenges for the industry and global regulators.