North Korean state-sponsored hackers stole $2.1 billion in cryptocurrency last year, according to a new analysis from blockchain security firm CertiK. That single figure represents 60% of all crypto losses in 2025 — a stark reminder that state-backed actors now dominate the landscape of digital asset crime.
The scale of the theft
CertiK's report, released this week, puts the total losses from crypto hacks and scams in 2025 at roughly $3.5 billion. North Korea's Lazarus Group and other state-linked outfits are responsible for the lion's share. The numbers dwarf previous years and confirm a trend many in the security community had feared: state-sponsored groups have become the primary threat, not opportunistic lone wolves or small-time scammers.
How the money moves
The stolen funds don't just sit in wallets. CertiK found that North Korean operators have built sophisticated cross-chain laundering networks. They swap tokens across Ethereum, Binance Smart Chain, and smaller chains, using bridges and mixers to obscure the trail. It's a cat-and-mouse game that gets harder for investigators each quarter.
The timing isn't great. Regulators in the U.S., Europe, and Asia have been pushing for stricter anti-money laundering rules in crypto, but the cross-chain tactics used by North Korea exploit gaps between jurisdictions. CertiK's data suggests that even with improved on-chain surveillance, state actors are staying ahead — especially when they have unlimited time and state backing to refine their methods.
The report doesn't name specific exchanges or bridges that were compromised, but it notes that the bulk of the laundering happened through decentralized finance protocols and cross-chain bridges that lack robust KYC checks. For security teams, the takeaway is clear: the next big heist may already be in motion.
