According to cybersecurity firm CrowdStrike's 2026 Financial Services Threat Landscape report, North Korea (DPRK) state-affiliated hackers stole over $2 billion in cryptocurrency in 2025, a 51% year-over-year increase, despite fewer attacks. The report identifies DPRK hackers as the largest threat group targeting crypto users by stolen asset value. Stolen funds are believed to be laundered to fund military programs. Attackers focused on high-value targets in Web3 and exchanges due to greater anonymity in crypto compared to traditional finance. In April 2025, the Ethereum Foundation identified 100 DPRK-backed hackers infiltrating crypto projects. The Drift Protocol DEX suffered a $280 million loss after hiring remote workers who met the team in person at a conference and deployed malware over six months. Onchain investigator ZachXBT documented DPRK IT workers earning $1 million monthly. The report underscores the growing threat of state-affiliated cyberattacks on the crypto industry.

Key facts

• DPRK hackers stole over $2 billion in crypto in 2025, a 51% YoY increase.
• Fewer attacks but higher returns due to targeting high-value victims.
• Drift Protocol lost $280M after DPRK affiliates deployed malware.
• Ethereum Foundation identified 100 DPRK-backed infiltrators in April 2025.
• ZachXBT documented DPRK IT workers earning $1M monthly.

KeyAudit data perspective