
How AI-powered heists have fueled North Korea’s $2.8 billion crypto thefts since 2024

How did this financial loophole escape scrutiny for so long?


Key Takeaways

What tactics are North Korean cyber groups using?

They use fake job interviews, AI tools like ChatGPT and DeepSeek, and sophisticated cyber techniques.

Which Cambodian platforms are linked to laundering stolen crypto?

Huione Group and its subsidiary Huione Pay.


In a revelation that didn’t come as a surprise to many, North Korea is reported to have stolen nearly $2.84 billion in cryptocurrencies since early 2024, with $1.65 billion taken this year alone.

North Korea’s stolen crypto report

The South Korea-led Multinational Sanctions Monitoring Team (MSMT) highlighted the regime’s ongoing cyber heists, which target major exchanges across Asia and the Middle East.

Analysts say the stolen digital assets, funnelled through brokers in China, Russia, Hong Kong, and Cambodia, help fund Pyongyang’s sanctioned weapons programs.

Commenting on the report, Seoul’s foreign ministry said in a statement:

“The release of this report is expected to draw greater international attention to North Korea’s ongoing violations of U.N. sanctions exposed through its crypto thefts and overseas IT operations, while underscoring the growing sophistication and risks of its cyber activities.” 

What are the tactics involved?

The report specifically highlighted North Korea’s use of Cambodian financial platforms, such as Huione Group and its subsidiary Huione Pay, to launder stolen cryptocurrencies.

Deeper research revealed that the hackers linked to the reclusive regime breached major exchanges. These included Bybit in the UAE, DMM Bitcoin in Japan, WazirX in India, and BingX and Phemex in Singapore.

They laundered and cashed out the stolen assets through brokers in China, Russia, Hong Kong, and Cambodia.

On top of that, about 1,000–2,000 North Korean IT professionals still operate across at least eight countries. Many of them have been linked to U.N.-sanctioned entities and send roughly half of their earnings back home.

These cyber groups have refined their methods over the years, conducting fake job interviews and using AI tools like ChatGPT and DeepSeek to enhance their tactics.

A turbulent 2025

AMBCrypto previously reported that crypto users and exchanges endured a turbulent August, with blockchain security firm PeckShield reporting a total of $163 million in stolen assets.

The largest single theft occurred on 19 August, when a Bitcoin holder fell victim to a social engineering attack.

The attackers impersonated support agents for a hardware wallet, tricking the user into revealing credentials and transferring 783 BTC to the criminals. They then funnelled the funds through Wasabi Wallets to obscure the trail.

Finally, Turkey’s largest crypto exchange, BtcTurk, also suffered a major breach. It lost an estimated $48–54 million after hackers compromised hot-wallet keys. 


Ishika Kumari

Journalist
