North Korean Hackers Steal Billions in Evolving Crypto Heists
North Korean Hackers Steal Billions in Crypto – And They’re Only Getting Better
North Korea’s state-backed hacker groups are proving to be some of the most successful and dangerous cybercriminals in the world. These groups are not just stealing money—they’re pulling off massive cryptocurrency heists with increasing precision and sophistication.
In early 2025, one of their biggest strikes yet hit the ByBit crypto exchange, resulting in a $1.5 billion theft in Ethereum. That was just the beginning. So far this year, North Korean hackers have stolen over $2.02 billion in digital currencies, making up more than half of the $3.4 billion in total crypto thefts globally, according to blockchain analysis firm Chainalysis.
Since 2021, these cyberattacks have brought in at least $6.75 billion for North Korea. The hackers are becoming more strategic—choosing bigger targets and planning their attacks more carefully. With advanced money-laundering techniques and a growing toolbox of cybercrime tactics, they’re harder to detect and even harder to stop.
Biggest Hacks Dominate the Numbers
Chainalysis reports that just three major hacks this year accounted for nearly 70% of all stolen cryptocurrency. These large-scale attacks show how focused and effective North Korea’s cyber teams have become.
Cybercrime is now a major source of income for North Korea, estimated to contribute about 7% of the country’s total economy—roughly $30 billion. That share is similar to what is seen in some Southeast Asian countries, where cybercrime has become deeply embedded in the economy and has even influenced government corruption.
A recent example of cybercrime at scale is the seizure of more than 127,000 bitcoins—worth around $15 billion—linked to the Prince Holding Group, a criminal syndicate with ties to Asia.
Tactics and Tools Keep Evolving
According to cybersecurity experts, North Korean hackers stand out for three reasons: they go after big targets, they don’t give up easily, and they constantly evolve their methods.
The ByBit hack is a perfect example. Attackers gained access by compromising a software vendor in the supply chain—one of the hardest types of attacks to pull off. Then, they used complex crypto transactions across different platforms to cover their tracks.
Most of these high-profile attacks are linked to the notorious Lazarus Group. This group is behind not only major crypto thefts but also infiltration of tech companies using fake online job applications. They’re now even using AI and large language models (LLMs) to build smarter phishing scams and impersonate real people during video interviews.
Several other North Korean hacker groups have been active throughout 2025, each with its own focus. Some groups like UNC1069 (“CryptoCore”), UNC4899 (“TraderTraitor”), and UNC5342 (“Contagious Interview”) are specifically targeting the cryptocurrency space.
Despite growing awareness and defensive efforts, these threat actors continue to succeed by updating their tools and finding new ways around detection systems.
Money Laundering Made Smarter
One reason North Korean hackers are so hard to catch is their ability to move stolen funds quickly and discreetly. Rather than transferring large amounts through one or two platforms, they break the money down into smaller chunks and use multiple channels to launder it. This makes it much harder for law enforcement to follow the money trail.
In contrast, other cybercriminals who move large sums through fewer channels are easier to track and disrupt.
New International Alliances Could Mean Bigger Threats
North Korea’s cyber capabilities may soon grow even stronger thanks to new political partnerships. In late 2024, the country signed a strategic deal with Russia that includes collaboration on science and technology—possibly including cyber warfare.
Experts believe this could lead to deeper cooperation between North Korean and Russian hackers, especially since both countries are under heavy international sanctions and looking for ways to evade them. There’s also evidence suggesting North Korea is interested in drone technology, an area where Russia has strong expertise.
At the same time, North Korea continues to benefit from Chinese-run cybercrime networks and Southeast Asian scam operations. Instead of using big-name crypto exchanges as they did before, they now rely more on underground liquidity services based in Asia or on Chinese money-laundering networks.
What’s Next?
As these state-sponsored hacking groups get better at what they do, experts say we should expect them to keep finding new ways to make money for the regime. Whether it’s through crypto theft or other digital crimes, North Korea will keep adapting and evolving its cyber tactics.
The threat isn’t going away—it’s growing smarter, faster, and harder to stop.