North Korea stole about $2 billion in crypto in 2025, Chainalysis says

Chainalysis estimated that North Korea-linked actors captured about 59% of more than $3.4 billion in crypto stolen globally during the year. The report described an increase in both the scale of major breaches and the frequency of compromises targeting individual users.

Andrew Fierman, head of national security intelligence at Chainalysis, noted that North Korea’s methods for moving and laundering proceeds continue to evolve and urged firms to strengthen security controls.

The report pointed to multiple tactics tied to North Korean operations. Chainalysis described campaigns in which operatives sought jobs at crypto companies to gain access to internal systems, including attempts to mask location and identity. It also cited social engineering, including messages that try to trick users into clicking malicious links that can lead to wallet takeovers.

Chainalysis highlighted the February theft of about $1.4 billion from Bybit as the largest hack of 2025 and one of the biggest on record. The U.S. Federal Bureau of Investigation publicly attributed that incident to North Korea, and Chainalysis estimated the attack represented roughly 40% of the year’s stolen crypto. The report added that large incidents dominated totals, with more than two thirds of stolen funds linked to three major hacks. The topic of safety concerns often comes up in Bybit vs MEXC comparisons, especially when users weigh security controls, token vetting, and overall risk exposure across crypto platforms and their ecosystems.

Chainalysis also flagged growth in personal wallet compromises. It counted about 158,000 such incidents in 2025, roughly triple the level in 2022, and noted an increase in physical extortion cases against crypto holders. Fierman cautioned that public displays of crypto wealth can increase targeting risk.

As GNcrypto reported previously, South Korean authorities on 28 November 2025 linked an unauthorized outflow at Upbit to the North Korea connected Lazarus Group after the exchange flagged abnormal Solana related withdrawals on 27 November. Investigators prepared an on site inspection and assessed the intruders likely gained access by compromising or impersonating administrator accounts, while on chain traces showed funds swapped from Solana into USDC and bridged to Ethereum. Upbit paused deposits and withdrawals during an internal review and revised its loss estimate from about $36.8 million to roughly $30.4 million after reconciling transactions; police opened a case and continued address attribution.