A new report from blockchain security firm CertiK reveals North Korea has industrialized cryptocurrency theft, turning it into a core state revenue mechanism. According to the Skynet report, DPRK-linked hackers stole an estimated $2.06 billion of the $3.4 billion lost to crypto hacks in 2025-about 60% of the total. These funds are funneled directly into the regime's nuclear and ballistic missile programs.
Between 2016 and early 2026, North Korean actors stole $6.75 billion in crypto across 263 incidents. The largest single heist was the $1.5 billion Bybit exploit in February 2025, attributed to the TraderTraitor group. Within a month, 86% of the stolen Ether was converted to Bitcoin using mixers, bridges, and OTC brokers.
Total DPRK crypto theft over the years. Source: CertiK/Skynet
CertiK notes a tactical shift: fewer, higher-value targets. DPRK groups were responsible for only 12% of incidents, but 60% of losses. Attack vectors have evolved from phishing to sophisticated supply chain compromises and even physical infiltration. The April 2026 Drift Protocol exploit-$285 million from Solana-involved a six-month operation with conference attendance and relationship-building.
Jonathan Riss, blockchain intelligence analyst at CertiK, warns that North Korean IT workers are now infiltrating Western crypto and fintech firms under false identities. The report, citing U.S. and UN assessments, confirms these crypto thefts support missile development, elevating the issue to international security.