North Korean hackers swiped $2 billion worth of cryptocurrency in 2025, a sharp escalation that marks the highest annual haul on record. The regime's cyber operations are now a central pillar of its funding for weapons programs, according to intelligence assessments. The thefts — spanning exchange breaches, DeFi exploits, and phishing campaigns — have raised alarms across law enforcement and national security agencies.
A record year for theft
The $2 billion figure represents a significant jump from previous years. While exact breakdowns are still being collated, the pattern is clear: North Korea's hacking units, operating under groups like Lazarus and BlueNoroff, targeted both centralized exchanges and decentralized protocols. The 2025 tally surpasses the $1.7 billion stolen in 2022, making it the most lucrative year yet for Pyongyang's cyber criminals.
Pyongyang's growing reliance on crypto crime
North Korea's economy has long been isolated by international sanctions, and crypto theft has become a crucial workaround. The stolen funds are laundered through mixers, cross-chain bridges, and over-the-counter brokers before being converted into fiat or used to purchase components for missile and nuclear programs. The 2025 spike suggests the regime is doubling down on this strategy as diplomatic avenues remain frozen and sanctions enforcement tightens.
Why the spike matters
The scale of the theft isn't just a financial problem for victims — it's a systemic security risk. Each successful heist gives Pyongyang more resources to advance its weapons capabilities, and the sophistication of the attacks keeps growing. Law enforcement agencies across the US, South Korea, and Japan have stepped up joint operations, but the hackers have proven adaptable. The $2 billion figure underscores how crypto infrastructure remains a vulnerable chokepoint in global security.
What comes next is uncertain. The US Treasury has signaled new sanctions designations targeting money laundering channels, but enforcement is slow. For now, North Korea's hackers show no signs of slowing down.
