CertiK released a report documenting North Korea's systematic approach to cryptocurrency theft, revealing that North Korean-linked hackers accounted for roughly $2.06 billion of the $3.4 billion total lost to crypto hacks in 2025. The findings show the regime has industrialized its theft operations and expanded tactics beyond traditional phishing attacks.
The report highlights a concerning shift in methodology. North Korean threat actors now employ physical infiltration alongside digital exploits, targeting exchanges, custodians, and DeFi protocols with increasing sophistication. This represents an evolution from earlier campaigns that relied primarily on social engineering and malware distribution.
The $2.06 billion figure underscores North Korea's outsized role in cryptocurrency crime. The regime channels stolen assets through layered laundering operations, converting the on-chain proceeds into fiat currency and other assets to circumvent sanctions. Blockchain analysis firms have previously documented North Korea's use of decentralized exchanges, cross-chain bridges, and privacy mixers to obscure fund flows.
CertiK's analysis ties specific incidents to Lazarus Group and associated North Korean cyber units responsible for high-profile breaches. The regime funds its weapons programs and bypasses economic isolation through these theft campaigns, making crypto a strategic revenue source rather than incidental criminal activity.
The 2025 data reflects an acceleration in both theft volume and operational maturity. North Korea's hybrid approach, combining digital exploits with human-centric social engineering and now physical breach tactics, creates compounding security challenges for crypto platforms. Exchanges and custodians must defend against threats spanning endpoint compromise, staff manipulation, and insider threat scenarios simultaneously.
Regulatory pressure on mixers and privacy tools has forced laundering operations to become more complex, but the regime's technical capabilities and patience allow it to navigate enforcement actions. Law enforcement agencies, including Treasury Department sanctions units and blockchain forensics teams, continue tracking North Korean flows, though recovery rates remain minimal once assets enter the laundering pipeline.
The report serves as a stark reminder that crypto infrastructure remains a top-tier target for nation-state actors, with North Korea leading theft operations by both volume
