North Korea’s threat actors have turned crypto theft into a methodical source of national income. Security firms say coordinated cybersecurity efforts are now critical to protect digital asset infrastructure.CertiK reports DPRK-affiliated groups stole $6.75 billion across 263 incidents from 2016 to early 2026. The data shows a decade-long uptrend in blockchain-targeted attacks.
2025-2026 Loss Data and Major Hacks
According to a CertiK report, North Korea’s crypto theft campaigns netted $2.06B in 2025, accounting for 60% of the sector’s annual total of $3.4B.
In 2026, DPRK actors have stolen $620M of the year-to-date total of $1.1B, representing 55%. The scale of major exploits, such as the 2025 $1.5B Bybit hack. Also, the $294M KelpDAO breach indicates a strategic move toward large exchange and DeFi protocol hits.
Also Read: Ripple Joins Crypto ISAC Push to Stop North Korean Hackers
Infiltration Tactics and New Threat Groups
Attack methods behind North Korea’s crypto theft operations have become more complex. For example, TRM Labs has verified that the $285 million Drift attack followed “face-to-face” meetings between DPRK proxies and protocol staff. It is a method that they say is “unprecedented”. Beyond the Lazarus Group, new DPRK movements like TraderTraitor used the Drift attack, while a different movement of DPRK executed the KelpDAO theft.
The use of these trickery tools marks a shift from remote-only exploits. North Korea’s crypto theft strategy now relies on hybrid social-engineering campaigns. Attackers pose as IT support or set up in-person meetings with project staff. That gives them access past typical security perimeters in blockchain operations. The rise of new groups like TraderTraitor alongside Lazarus shows North Korea’s cyberwarfare capabilities are expanding.
Also Read: Ethereum-Backed Ketman Reveals 100 Suspected North Korean IT Operatives Infiltrating Crypto
Laundering and Mitigation Efforts
North Korea’s 2026 share of crypto theft losses is estimated to be as much as 76 percent year-to-date. But stolen money already is converted to bitcoin and laundered via crypto mix services like Tornado Cash, Thorchain, Dexes, and OTC desks.
So blockchains are upgrading early threat detection to counter crypto theft. The U.S. Treasury is thinking about expanding the sharing of financial threat intelligence for crypto companies.
Also Read: Suspect In $46M US Marshals Crypto Theft Arrested In Saint Martin
