Losses tied to North Korean hackers jumped 51% year-over-year in 2025, according to a new report. The increase underscores a persistent threat from state-backed cybercriminals who continue to target cryptocurrency platforms and users around the world.
The scale of the increase
The 51% rise marks the second consecutive year of growth in North Korea-linked crypto theft. While the report didn't disclose a total dollar figure, the pace of losses has accelerated as the country's hacker networks refine their methods. The timeline suggests that 2025 was a particularly active year for these groups.
How the hackers operate
Unlike the image of a single monolithic unit, North Korea's cyber operations are carried out by a large number of small, independent hacker groups. Their playbook relies on malware and social engineering — phishing emails, fake job offers, and malicious software that slips past basic defenses. These decentralized teams can adapt quickly, making them hard to track and disrupt.
The persistent rise in losses puts pressure on exchanges and wallet providers to upgrade security. Social engineering attacks target individuals as often as institutions, so the threat isn't limited to big players. The report's findings arrive as regulators in multiple jurisdictions push for tougher crypto custody rules — but the hackers keep finding new ways in.
Whether 2026 will see another jump isn't clear. The groups are still active, and the crypto industry's defenses are still playing catch-up.
