North Korean hackers stole $2.06 billion in cryptocurrency during 2025, representing 60% of all crypto theft losses that year, according to a new report from blockchain security firm CertiK.
The scale of the theft is part of a broader trend. Since 2016, DPRK-linked groups have stolen $6.75 billion across 263 incidents, transforming from opportunistic attackers into a coordinated state-sponsored threat targeting decentralized finance (DeFi) protocols.
Social engineering remains the dominant attack vector. In one case, hackers spent six months infiltrating the Solana-based Drift Protocol by posing as a quantitative trading firm, ultimately stealing $285 million.
Once stolen, funds vanish quickly. CertiK notes that in one major incident, 86% of stolen assets were laundered within a month using decentralized exchanges and cross-chain bridges.
The regime's laundering network, dubbed the 'Chinese Laundromat' by researchers, relies on underground bankers, over-the-counter brokers, and trade-based intermediaries.
U.S. authorities are pushing back. The Justice Department filed a civil forfeiture complaint last June targeting $7.7 million in crypto tied to North Korean IT worker laundering networks. Court documents revealed one wallet linked to a sanctioned North Korean bank received over $24 million between 2021 and 2023.
Security firms recommend rigorous identity verification, zero-trust hiring policies, and technical hardening of DeFi infrastructure such as bridges and hot wallets.