Crypto thefts are now part of North Korea’s state revenue mechanism – Report
Can concerted cyber security efforts from blockchains and the U.S Treasury help protect crypto from North Korea?
North Korea’s threat actors remain the industry’s biggest crypto threat.
According to security research firm CertiK, the Democratic People’s Republic of Korea (DPRK) has made crypto hacks part of its state revenue stream, driving nearly $7 billion in the past ten years.
DPRK is now targeting large-scale heists. In 2025, North Korea was responsible for $2.06 billion in losses, or 60% of the sector’s $3.4 billion in yearly losses. CertiK claimed,
Our report analyzes nearly a decade of activity, finding that DPRK-linked actors have stolen an estimated $6.75 billion across 263 incidents between 2016 and early 2026.
So far in 2026, the country’s threat actors have accounted for $620 million in losses out of the $1.1 billion in stolen funds. Overall, its 2026 thefts accounted for 55% of total year-to-date (YTD) losses.
Last year, North Korea’s biggest heist was Bybit’s $1.5 billion hack. So far this year, the $294 million KelpDAO hack has been its biggest plunder.
North Korea infiltrates the crypto industry
Interestingly, the players have evolved in their offensive moves, sometimes posing as IT employees and enabling theft from within the top decentralized exchanges and platforms.
In fact, TRM Labs, another security firm, confirmed that Drift’s $285M breach followed in-person meetings between North Korean proxies and the protocol employees. The firm called the technique ‘unprecedented’ in the country’s lengthy crypto hacking campaign.
According to TRM Labs, the $294 million KelpDAO hack has been their biggest plunder this year. It was conducted by a new North Korea group separate from the Lazarus group. Notably, Drift was breached by TraderTraitor, another North Korean hacker.
Last year’s $1.5B Bybit exploit was linked to the notorious Lazarus group. In fact, TRM Labs estimated that 2026’s losses due to North Korean players were way higher than 55%. According to the security firm, the share was about 76% on a YTD basis.
In most cases, after the heist, the hackers would go quiet for a while. Afterwards, they would launch a laundering campaign by switching funds to BTC and moving them through crypto mixers such as Thorchain or Tornado Cash, DEXes, and OTC desks.
There have been concerted efforts towards early threat monitoring across blockchains to mitigate the North Korean risk. In fact, even the U.S government is considering extending threat intelligence shared with financial firms to crypto companies.
Final Summary
- North Korean threat actors have stolen $6.75 billion in the past 10 years
- According to CertiK, the country has made crypto hacks part of state revenue.
