CertiK: North Korean Crypto Hackers Drove $2.1 Billion in Losses in 2025


TL;DR:

  • According to CertiK, hackers linked to North Korea stole $2.06 billion in cryptocurrencies in 2025, accounting for 60% of all theft-related losses.
  • Since 2016, North Korean state-sponsored groups have accumulated $6.75 billion stolen across 263 documented incidents.
  • 86% of the funds stolen in one of the most significant cases was laundered in under a month through DEXs and cross-chain bridges.

Blockchain security firm CertiK published a new analysis revealing how hacker groups linked to North Korea have become the primary threat to the global crypto ecosystem. According to the report, these groups stole $2.06 billion in 2025, representing 60% of total theft-related losses recorded that year. The trend continues into 2026, with North Korean groups responsible for 55% of losses recorded since January.

The document was produced through CertiK’s Skynet platform. It traces the evolution of these groups from opportunistic attacks toward coordinated, long-term campaigns. Taylor Monahan, the report’s author, identifies social engineering as the dominant attack vector. The most illustrative case is the Drift Protocol hack, which occurred in April 2026, where North Korean regime operatives spent six months infiltrating the DeFi platform while posing as a quantitative trading firm, before stealing approximately $285 million.

CertiK Describes the Infrastructure Behind Large-Scale Laundering

What sets these groups apart is not only their capacity to steal, but the speed and sophistication with which they make funds disappear. CertiK documented that in one of the analyzed cases, 86% of the stolen funds were laundered in under a month through decentralized exchanges and cross-chain bridges. Blockchain analytics firm TRM Labs described these operations as an “industrial-scale” threat that combines cyberattacks, illicit financial infrastructure, and overseas intermediaries.

CertiK researchers refer to this laundering network as the “Chinese Laundry,” a web that includes underground bankers, OTC brokers, and money transfer operators. The Bybit exploit in February 2025, in which $1.46 billion was extracted across just two transactions, remains the most extreme case: more than $1 billion of those funds were laundered through the same cross-chain infrastructure detailed in the report.

Prevention Measures

In response to this landscape, U.S. authorities have intensified legal action. The Department of Justice filed a civil forfeiture complaint in June 2025 for $7.7 million in cryptocurrencies linked to laundering networks operated by North Korean IT workers.

Court documents revealed that a wallet controlled by Sim Hyon Sop, a representative of North Korea’s Foreign Trade Bank, received more than $24 million between August 2021 and March 2023. CertiK, for its part, recommends that companies implement identity verification through video interviews, zero-trust hiring policies, and technical reinforcement of active bridges and wallets.
