North Korea’s Crypto Theft Surged 51% in 2025, CrowdStrike Finds

North Korea-linked hackers stole $2.02 billion in cryptocurrency during 2025, representing a 51% year-over-year surge from 2024 totals. CrowdStrike's 2026 Financial Services Threat Landscape Report identifies DPRK operations as an accelerating threat vector targeting crypto and fintech infrastructure.

The stolen funds flow directly into North Korea's military apparatus, according to security researchers. This funding mechanism bypasses traditional sanctions and provides the regime with hard currency to finance weapons development and nuclear programs. The scale of the theft underscores how blockchain networks have become critical infrastructure targets for state-sponsored actors.

North Korea's cyber operations exploit weaknesses across multiple vectors. Hackers target cryptocurrency exchanges, hot wallets, DeFi protocols, and institutional custodians through phishing campaigns, supply chain compromises, and zero-day exploits. Private key theft remains the most common attack path, allowing attackers to drain funds before victims can react.

Previous major breaches attributed to DPRK units include the 2022 Ronin Bridge hack (worth $625 million) and the 2021 Poly Network exploit. These operations demonstrate sophisticated technical capability and persistent targeting of high-value protocols. North Korean hackers operate through front companies and obfuscated infrastructure to conceal their attribution.

The crypto industry faces mounting pressure to implement stricter security standards. Exchanges increasingly require multi-signature wallets, hardware security modules, and insurance policies. However, the 51% increase in 2025 thefts suggests current defenses remain inadequate against state-level adversaries.

U.S. Treasury sanctions target known North Korean wallet addresses and cryptocurrency exchanges suspected of laundering stolen crypto. Chainalysis and other blockchain analysis firms track DPRK funds across token swaps and bridge protocols to identify movement patterns. Despite these efforts, converting stolen crypto to fiat currency remains achievable through peer-to-peer networks and unregulated exchanges in jurisdictions with weak AML enforcement.

The 2025 figures frame cryptocurrency theft as a persistent national security concern. C