How much crypto did North Korean hackers steal in 2025?

North Korea-linked hackers stole more than $2 billion from cryptocurrency users and companies in 2025, according to CrowdStrike. The total represented a 51% increase year over year despite fewer cyberattacks overall.

Why are North Korean hackers targeting crypto companies?

CrowdStrike said crypto firms are attractive targets because stolen digital assets can be transferred and cashed out with greater anonymity than traditional bank funds. Hackers also target Web3 firms because many operate globally with decentralised systems and remote teams.

What did CrowdStrike say about North Korea’s crypto hacking operations?

CrowdStrike described DPRK-linked groups as the largest crypto theft threat by value. The company said stolen funds are “almost certainly laundered to fund the regime’s military programs.”

Why did North Korean crypto thefts rise even though attacks declined?

Cybersecurity researchers said DPRK-linked groups focused on fewer but higher-value targets in 2025. Instead of broad campaigns, hackers concentrated on major exchanges, infrastructure providers and large Web3 projects where successful breaches generated bigger payouts.

How did DPRK-linked hackers infiltrate crypto companies?

North Korean threat actors reportedly used fake IT worker schemes, malware deployment and long-term social engineering tactics. Some infiltrators built trusted relationships with crypto teams over several months before compromising systems.

What happened with Drift Protocol and North Korean hackers?

Drift Protocol said DPRK-linked technology workers infiltrated its operations after building relationships with staff over six months. The attackers later deployed malware that reportedly caused around $280 million in losses.

What role did the Ethereum Foundation play in identifying DPRK hackers?

The Ethereum Foundation identified around 100 DPRK-backed hackers and threat actors in April 2025. The organisation warned crypto projects about infiltration attempts involving remote hires and social engineering.

Why is social engineering becoming a bigger crypto security risk?

Social engineering attacks target people rather than code vulnerabilities by manipulating trust and access permissions. In crypto, attackers often pose as developers, recruiters or contractors to gain internal access to wallets and infrastructure.

North Korea crypto thefts jump 51% in 2025

Written by Isaac FrancisPublished May. 14 2026Last Updated May. 14 2026

North Korea-affiliated hackers stole more than $2 billion from cryptocurrency users and companies in 2025, marking a 51% year-over-year increase despite fewer cyberattacks, according to cybersecurity firm CrowdStrike.

CrowdStrike said DPRK-linked threat actors remained the largest source of crypto-related thefts by value and increasingly targeted high-value Web3 projects and cryptocurrency exchanges.

“Stolen proceeds are almost certainly laundered to fund the regime’s military programs,”

CrowdStrike said in its 2026 Financial Services Threat Landscape report.

The cybersecurity company said North Korean hackers prioritised cryptocurrency firms because stolen digital assets could be transferred and cashed out with greater anonymity than funds in the traditional financial system.

In April, the Ethereum Foundation identified around 100 DPRK-backed hackers and threat actors infiltrating crypto projects through remote work schemes and social engineering tactics.

Decentralised exchange Drift Protocol said DPRK-linked technology workers infiltrated its development operations after building relationships with team members over six months, eventually deploying malware that caused approximately $280 million in losses.

“It is important to note that the individuals who appeared in person were not North Korean nationals,”

The Drift Protocol team said, adding that DPRK threat actors often use third-party intermediaries for face-to-face interactions.

At the time of reporting, Ethereum price was $2,292.97 .