North Korean Crypto Campaign Hits Unprecedented Scale

Reading Time: < 1 minute

In a record-setting surge of digital theft, state-sponsored hackers from North Korea have orchestrated the most damaging year ever for the cryptocurrency sector. Their relentless campaign has systematically drained billions from global platforms, reinforcing the regime’s notoriety as the world’s leading cyber-thief.

This wave of cyber aggression is propelled by Pyongyang’s urgent need to finance its weapons programs under the weight of severe international sanctions. Groups operating under state direction, such as Lazarus, have perfected their methods to persistently target and breach weaknesses across the blockchain and crypto ecosystem.

The figures for 2025 reveal an operation of staggering scope. According to analytics firm Chainalysis, hackers linked to North Korea stole over $2.17 billion in cryptocurrency in just the first six months of the year. This total already exceeds the full-year amount for 2024 and stands as the highest mid-year volume ever recorded.

The most colossal single event was the breach of exchange Bybit on February 21, where attackers made off with nearly $1.5 billion in Ethereum—marking the largest crypto theft in history. This landmark heist was part of a sustained series of attributed attacks, including a subsequent $37 million hack on South Korea’s Upbit exchange.

Despite increasing international sanctions aimed directly at the country and the specific entities involved, Pyongyang’s state-directed hacking operations show no signs of abating, instead reaching new heights in both ambition and execution.