North Korea has stolen virtual assets worth approximately 30 trillion won this year, raising concerns about national-level cyber threats again. It is particularly noteworthy that although the number of attacks has decreased, the amount of losses caused has become even more significant, and AI-based tracking technology is becoming the main means to trace North Korean hackers.
According to global blockchain data analytics firm Chainalysis, hacker groups associated with North Korea stole at least $2.02 billion (approximately 30 trillion won) worth of virtual assets in 2025 alone. This represents a 51% increase from the previous year, primarily due to more sophisticated attack methods. Among the stolen funds, North Korea accounted for about 60% of the total losses from cryptocurrency hacker attacks.
North Korean hackers have changed their strategy, no longer conducting indiscriminate attacks as they did in the past, but instead focusing on a few high-value targets. They conduct long-term reconnaissance on centralized exchanges or bridging platforms with weaker transparency (platforms connecting different virtual assets), and then extract large amounts of funds through a single attack. Subsequently, they split these funds and transfer them through thousands of wallet addresses, a process known as 'peeling chain.' This is a money laundering technique that hides the source of funds by repeatedly conducting small segmented transfers, akin to peeling an onion.
Interestingly, artificial intelligence technology can detect certain 'behavior patterns' even in such complexly disguised capital flows. AI does not focus on individual transactions designed to leave no trace, but rather learns the 'behavioral characteristics signature' of specific groups by combining dozens of factors such as time, frequency, transfer structure, and remittance methods. For example, if remittances are concentrated at specific points in time after lying dormant for months, or if transaction amounts are repeatedly segmented in a regular manner, the analysis suggests a high possibility of association with North Korean affiliated organizations.
Experts point out that the traditional financial sector's anti-money laundering system structure usually only captures transactions above a certain amount, while artificial intelligence tends to classify excessively regular small transactions as suspicious. This means that, compared to a single remittance, repetitive small-scale transactions leave a clearer 'fingerprint.' This indicates that the meticulous calculations of North Korean hackers have, in the face of artificial intelligence, exposed their weaknesses.
Virtual asset hacker attacks have transcended mere economic losses and may evolve into a security crisis, leading to increased attention from the international community. The U.S. Treasury and the United Nations warned the North Korea sanctions committee that the proceeds from North Korea's cybercrime are actually being used for funding the development of nuclear weapons and ballistic missiles. Ultimately, as artificial intelligence rises to become the core tool for monitoring virtual assets, the role of digital technology in the field of cybersecurity is expected to become increasingly important.