TLDR
- North Korea stole approximately $2.83 billion in cryptocurrency.
- One-third of North Korea’s foreign income came from thefts.
- Major exchanges like Bybit were targeted in sophisticated attacks.
Recent investigations have revealed that North Korea has been implicated in stealing approximately $2.83 billion in cryptocurrency since 2024. The thefts have primarily been attributed to North Korea’s advanced state-sponsored hacker groups, including the TraderTraitor group, which have targeted major cryptocurrency exchanges such as Bybit, DMM Bitcoin, and WazirX.
The attacks have been carried out using sophisticated methods such as social engineering, malware, and exploiting vulnerabilities within security systems. In February 2025, a significant attack on Bybit exploited weaknesses in SafeWallet’s multi-signature system, leading to substantial crypto losses. The event has highlighted the ongoing threat posed by North Korean hackers to the global cryptocurrency ecosystem.
Multilateral Sanctions Monitoring Team’s Findings
The Multilateral Sanctions Monitoring Team (MSMT), which was established in 2024 to replace the UN Panel of Experts, has published detailed reports on these cyber incidents. According to the MSMT’s October 2025 report, about one-third of North Korea’s foreign income in the previous year was derived from cryptocurrency theft. This underscores the scale and impact of these operations on geopolitical and financial landscapes.
The MSMT, which includes representatives from the US, South Korea, and Japan, has been at the forefront of monitoring and reporting these events. Their findings include extensive evidence of how stolen funds are laundered through networks in China, Russia, and Cambodia. These activities have prompted calls for increased compliance and security measures across exchanges worldwide.
Impact on Major Cryptocurrencies
The thefts have had a significant impact on major cryptocurrencies, particularly Ethereum and Bitcoin. These assets have been prime targets for the hackers, who typically swap stolen cryptocurrencies into Ethereum before laundering them out as Bitcoin. This process often involves the use of mixing services such as Tornado Cash and Wasabi to obscure the transactions.
Consequently, affected platforms have experienced rapid declines in Total Value Locked (TVL) and liquidity, with immediate effects on market stability and investor confidence. Blockchain analytics firms including Elliptic and Chainalysis have been instrumental in tracking these flows and identifying patterns associated with North Korean cyber activities.
Regulatory and Industry Responses
In response to these incidents, the MSMT coalition has issued detailed sanctions guidance to bolster security and compliance across cryptocurrency exchanges. Despite these measures, no formal statements or Twitter posts have been found from regulatory bodies such as the SEC, CFTC, or ESMA addressing these specific attacks as of the latest update.
The broader crypto community has actively responded by increasing GitHub activity around security measures, enhancing incident response protocols, and proposing system upgrades. While notable figures like Arthur Hayes, CZ, and Vitalik have not publicly commented on the North Korean hacks, discussions on platforms like Twitter and Discord reflect a heightened focus on wallet security improvements and maintaining trust in the crypto ecosystem.
- Exploring Crypto Hacking and Stolen Funds in 2025: Chainalysis Blog
- IC3 Public Service Announcement: Cybercrime Safety Tips for 2025
| Disclaimer: The content on defiliban.com is provided for informational purposes only and should not be considered financial or investment advice. Cryptocurrency investments carry inherent risks. Please consult a qualified financial advisor before making any investment decisions. |
