A new report by blockchain security firm CertiK reveals that North Korea-linked hackers were responsible for 60% of all crypto theft losses in 2025, totaling $2.06 billion. The state-sponsored groups have evolved from opportunistic exploits to coordinated campaigns targeting DeFi protocols. Social engineering is the dominant attack vector, as seen in the $285 million Drift Protocol hack where hackers posed as a quant trading firm for six months. Stolen funds are rapidly laundered through decentralized exchanges and cross-chain bridges, with 86% of funds in one major case laundered within a month. Since 2016, North Korean hackers have stolen $6.75 billion across 263 incidents. The report highlights that crypto theft has become a primary state revenue mechanism for North Korea, with an industrial-scale laundering network involving underground bankers and OTC brokers. Despite law enforcement efforts, the threat persists into 2026, with North Korean hackers accounting for 55% of global crypto losses since the year began.

Key facts

• North Korean hackers stole $2.06 billion in 2025, 60% of all crypto theft losses.
• Social engineering is the dominant attack vector, with long-term infiltration of DeFi platforms.
• 86% of stolen funds in a major case were laundered within one month via DEXs and bridges.
• Since 2016, DPRK hackers have stolen $6.75 billion across 263 incidents.
• U.S. authorities seized $7.7 million linked to North Korean IT worker laundering networks.