North Korean cyber actors have systematically stolen billions from cryptocurrency platforms, establishing it as a major source of illicit revenue. According to recent reports, groups like Lazarus and TraderTraitor have netted over $2 billion in 2025 and $620 million so far in 2026 through sophisticated attacks, including social engineering and large-scale protocol breaches. Security firms emphasize that coordinated efforts are now critical to defend the digital asset infrastructure against these advanced threats.
North Korean threat actors have methodically turned cryptocurrency theft into a significant source of national income. Security firms state coordinated cybersecurity efforts are now critical to protect digital asset infrastructure.
CertiK reports DPRK-affiliated groups stole $6.75 billion across 263 incidents from 2016 to early 2026. The data shows a decade-long uptrend in blockchain-targeted attacks.
According to a CertiK report, North Korea’s crypto theft campaigns netted $2.06 billion in 2025, accounting for 60% of the sector’s annual total. In 2026, DPRK actors have stolen $620 million of the year-to-date total, representing 55% of losses.
The scale of major exploits includes the 2025 $1.5 billion Bybit hack and the $294 million KelpDAO breach. These incidents indicate a strategic move toward large exchange and DeFi protocol targets.
TRM Labs has verified that the $285 million Drift attack followed “face-to-face” meetings between DPRK proxies and protocol staff. They describe this method as “unprecedented”.
Beyond the Lazarus Group, new DPRK movements like TraderTraitor were used in the Drift attack, while a different movement executed the KelpDAO theft. Attackers now pose as IT support or set up in-person meetings to bypass security perimeters.
North Korea’s 2026 share of crypto theft losses is estimated to be as high as 76 percent year-to-date. Stolen funds are converted and laundered via services like Tornado Cash, Thorchain, decentralized exchanges, and OTC desks.
Blockchain networks are upgrading early threat detection to counter these thefts. The U.S. Treasury is considering expanding the sharing of financial threat intelligence for crypto companies.
