Kim’s crypto thieving reached a record $2B in 2025
Summary
Chainalysis reports that North Korea-linked actors stole just over $2 billion in cryptocurrency during 2025 — a 51% rise year‑on‑year and roughly 76% of all service compromises worldwide. A single February attack on exchange Bybit contributed about $1.5 billion to the total. The DPRK’s tactics shifted markedly this year: nearly half the value taken came from personal wallets, and there were some 158,000 wallet attacks affecting roughly 80,000 unique victims. Researchers note fewer known attacks overall but far higher impact per operation, and warn that current visibility likely only shows the most blatant incidents.
Key Points
- North Korea-linked actors stole ~US$2 billion in crypto in 2025, a 51% increase from 2024.
- About $1.5 billion of that came from the February Bybit attack — a single high‑impact raid.
- DPRK accounted for a record 76% of centralised service compromises in 2025.
- Personal wallet targeting rose sharply — 44% of value in 2025 versus 7.3% in 2022.
- Attackers used social engineering and fake IT/recruitment ruses to gain credentials and access to firms and executives.
- DeFi protocol attacks declined as TVLs rose, suggesting improving protocol security; focus moved to wallets and centralised services.
- Chainalysis estimates DPRK has stolen about $6.75 billion in crypto since tracking began.
Context and Relevance
This story highlights an escalation in state‑backed crypto crime: fewer, but far more lucrative, operations. The shift from DeFi exploits to personal wallet compromise and corporate infiltration means conventional protections (smart contract audits alone) are no longer enough. Exchanges, custodians, wallet providers and anyone handling high‑value private keys need to reassess threat models and user education, while regulators and law enforcement will likely increase pressure on custody and AML controls.
Author style
Punchy: the piece spells out a clear, worrying trend — high‑impact, state‑linked raids are the new normal. If you care about crypto security, this is more than headline fodder; it signals a tactical evolution that matters to infrastructure and policy alike.
Why should I read this?
Short version: because it explains why your crypto risk just changed. North Korea pulled off monster strikes in 2025 and changed tactics — wallets and social engineering are front and centre now. Read it if you run an exchange, run a wallet service, handle custody, or even dabble in crypto investments. It saves you the noise and gets straight to the threat you actually need to know about.