North Korea-linked hacking groups have stolen more than $2 billion in cryptocurrency in 2025, with Ethereum and Solana accounting for the bulk of the losses. Blockchain security firms say the scale of the thefts makes this one of the worst years on record for state-backed crypto crime.
North Korea-Linked Hackers Breach Major Exchanges
A recent Chainalysis report found that the cryptocurrency industry suffered over $3.4 billion in theft from January to early December 2025. According to blockchain investigators, $2 billion out of that figure was linked to cybercriminals associated with the Democratic People’s Republic of Korea.
Further, according to the report, the amount of money stolen by these North Korean hackers has reached a high of $6.75 billion.
Meanwhile, much of the stolen crypto came from a small number of high-profile exchange breaches. In one of the year’s most significant incidents, cybercriminals attacked the Bybit exchange in February. They stole over $1.5 billion in Ethereum, sending shockwaves across the industry.
Solana was also hit hard, as multiple wallet and platform exploits, including the Upbit hack, resulted in significant SOL losses. Investigators say the hackers deliberately targeted assets with deep liquidity, making it easier to move and obscure stolen funds across chains and platforms.
Fewer Attacks, Bigger Payoffs
Rather than launching frequent small-scale attacks, North Korean hackers are focusing on fewer but far more lucrative operations.
Investigators say these attacks often involve months of preparation, including social engineering, insider access, and deep system infiltration before funds are finally drained. This shift has enabled attackers to extract maximum value from individual breaches while keeping overall attack numbers relatively low.
Interestingly, the Chainalysis report also revealed that the ratio between the largest hack and the median has, for the first time, crossed the 1000x threshold. This means that funds stolen in large-scale crypto heists are now more than 1,000 times larger than those stolen in regular crypto thefts.
Global Response and Ongoing Threat
Authorities around the world are increasing efforts to trace stolen crypto and disrupt laundering networks. In several cases, law enforcement agencies have successfully frozen wallets linked to North Korean actors, slowing the movement of illicit funds.
However, the threat remains active and continues to evolve. According to Chainalysis, while these hacker attacks reduced by 74% compared to the previous year, the total theft this year was still higher.
Thus, despite the increased security infrastructure by blockchain platforms, the North Korean-linked hacking network continues to pose a serious threat to the crypto industry. Meanwhile, it’s worth noting that attacks on personal wallets drastically reduced as the funds stolen from individuals decreased from $1.5 billion in 2024 to $713 million in 2025.
Temitope Olajide
