From Cybercrime to State‑Backed Crypto Revenue
North Korea’s engagement with cryptocurrency has long been more than headline fodder. Behind the technical jargon and “blockchain threat” soundbites lies a sustained program of cyber‑enabled financial operations that have made digital assets a material source of revenue for the regime.
In 2025, blockchain data shows that North Korean–linked hackers stole at least $2.02 billion worth of cryptocurrency, a record annual haul that accounted for the majority of known crypto theft that year, according to researchers tracking on‑chain crime. That figure is up roughly 51% from the previous year and has pushed the total stolen by DPRK actors to an estimated $6.75 billion since records began.
The most dramatic incident came via a February 2025 breach of the global exchange Bybit, where hackers linked to the Democratic People’s Republic of Korea (DPRK) exploited an Ether wallet and extracted approximately $1.5 billion in digital assets, the largest single crypto heist on record. U.S. authorities, including the FBI, publicly attributed this attack to Pyongyang‑aligned cyber actors.
These aren’t random acts of crime. Analysts and government officials contend that theft and subsequent laundering of crypto serve as a sanctions‑busting revenue stream, funding development programs that are otherwise cut off from global financial markets.
DeFi, Bridges, and the Challenge of Obscuring Funds
One reason North Korean cyber actors have focused on cryptocurrency is the sheer accessibility and global reach of decentralized finance (DeFi). Bridges, decentralized exchanges, and cross‑chain protocols allow digital value to move quickly across networks without requiring identity verification. While these features are celebrated by many crypto users, they also present avenues for illicit actors to obfuscate origins and complicate enforcement.
After major thefts, DPRK‑linked addresses are often observed moving assets across multiple blockchains, swapping between tokens, and employing decentralized routes before attempting to convert funds to fiat. The initial steps of these laundering processes can be tracked, but once funds traverse bridges, mixers, or off‑chain gateways, tracing becomes far more difficult.
Analysts have noted that North Korean actors frequently employ decentralized tools to avoid centralized compliance controls. In some cases, decentralized exchange routes or unregulated brokerage channels are used to shift funds into jurisdictions with weaker oversight, where they can be converted into goods, foreign currency, or other assets without immediate detection.
It’s a pattern that illustrates the dual nature of DeFi technology: the same mechanisms that democratize financial access also provide opportunities for sanctioned actors to obscure and repurpose stolen value.
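As an added illustration (not code from the article, and not a real ledger), the Python below traces a constructed set of transfers forward from a stolen‑funds address using proportional taint, records where on‑chain visibility ends at a bridge or mixer, and totals how much reaches a regulated off‑ramp where a freeze is still possible. Every address, label and amount is hypothetical.

```python
from collections import defaultdict

# Constructed ledger, assumed chronological: (sender, receiver, amount).
# Addresses and service labels are hypothetical, not real on-chain entities.
TXS = [
    ("theft_origin", "hop1", 100.0),
    ("hop1", "hop2", 60.0),
    ("hop1", "dex_swap", 40.0),
    ("clean_source", "hop2", 20.0),   # unrelated funds commingled at hop2
    ("hop2", "bridge_x", 50.0),       # cross-chain bridge: continuity lost
    ("hop2", "cex_deposit", 10.0),    # regulated exchange: freeze possible
    ("dex_swap", "hop3", 40.0),
    ("hop3", "mixer_y", 30.0),        # mixer: continuity lost
    ("hop3", "cex_deposit", 10.0),
]
OPAQUE = {"bridge_x": "bridge", "mixer_y": "mixer"}   # visibility ends here
FREEZABLE = {"cex_deposit"}                            # regulated off-ramps

def trace(txs, origin, stolen, opaque=OPAQUE, freezable=FREEZABLE):
    """Proportional ("haircut") taint: each transfer carries the sender's
    current tainted share. Returns (tainted balance per address,
    amount lost per opaque service type, amount sitting at freezable venues)."""
    bal, taint, lost = defaultdict(float), defaultdict(float), defaultdict(float)
    bal[origin] = taint[origin] = stolen
    for sender, receiver, amt in txs:
        if bal[sender] < amt:          # shortfall = clean funds we never observed
            bal[sender] = amt
        moved = amt * taint[sender] / bal[sender]
        taint[sender] -= moved
        bal[sender] -= amt
        if receiver in opaque:         # hop into a bridge/mixer: stop tracing
            lost[opaque[receiver]] += moved
        else:
            taint[receiver] += moved
            bal[receiver] += amt
    frozen = {a: taint[a] for a in freezable if taint[a] > 0}
    return dict(taint), dict(lost), frozen

if __name__ == "__main__":
    taint, lost, frozen = trace(TXS, "theft_origin", 100.0)
    print("visibility lost:", lost)
    print("reachable via regulated venue:", frozen)
    print("still visible on-chain:", {a: t for a, t in taint.items()
                                      if t > 0 and a not in FREEZABLE})
```

On this constructed ledger 67.5 of the 100 stolen units disappear into the bridge and mixer, 17.5 sit at a regulated venue, and only 15 remain traceable on-chain, which is the pattern the section describes.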
A Strategic Shift in Modus Operandi
North Korea’s focus on cryptocurrency isn’t new, but its methods have evolved alongside the broader crypto ecosystem.
Earlier reports show that DPRK‑linked hackers stole billions of dollars in crypto between 2017 and 2023, a significant portion of which was connected to large bridge exploits and exchange compromises, with some estimates putting total theft in that span at roughly $3 billion. That activity was described by a United Nations Security Council panel as a central component of the regime’s foreign revenue generation.
In more recent years, instead of overwhelmingly relying on frequent small hacks, North Korean operators appear to be focusing on fewer but higher‑impact operations. In 2025, record theft value was achieved with fewer confirmed incidents, suggesting a shift toward high‑value targets and more sophisticated breach strategies.
Experts also point to a growing arsenal of tactics, including:
embedding operatives with legitimate credentials in tech firms to facilitate access,
using advanced social engineering,
exploiting smart‑contract vulnerabilities,
and leveraging decentralized tools to disguise and move assets across networks.
This evolution parallels broader shifts in cybercrime and highlights the adaptability of state‑linked threat actors in the digital finance era.
Implications Beyond Theft
North Korea’s use of cryptocurrency has implications that extend well beyond individual hacks.
For global regulators and blockchain compliance teams, the DPRK’s activities underscore the limits of sanctions enforcement in a permissionless environment. While centralized exchanges and regulated entities can freeze assets linked to sanctioned wallets, once funds transit through decentralized protocols, enforcement becomes significantly more complex.
At the same time, law enforcement agencies, including the U.S. Treasury’s Office of Foreign Assets Control, have imposed sanctions on individuals and firms complicit in laundering schemes, emphasizing that crypto theft is not simply criminal but tied to geopolitical and security concerns.
Critics argue that unchecked abuse of DeFi and mixing services could invite a sweeping regulatory crackdown that affects legitimate users and developers. Proponents counter that focusing on technological fixes, such as better compliance tooling, analytics, and coordinated cross‑border enforcement, is essential to preserving the promise of decentralized finance.
The Next Phase of Crypto Conflict
The story of North Korea and crypto is not a simple one of hackers in hoodies. It is a case study in how decentralized technology intersects with geopolitics, sanctions regimes, and global financial friction.
As DeFi protocols continue to evolve and institutional adoption grows, so too will the incentives for highly resourced actors, state and non‑state alike, to exploit those systems. Whether through direct theft, laundering, or collateral manipulation, the challenge for the crypto ecosystem will be reconciling openness with accountability, and censorship resistance with systemic integrity.
In short, crypto did not merely disrupt finance; it is reshaping elements of geopolitical finance too. And the consequences are only beginning to unfold.