North Korea stole $2 billion in cryptocurrency in one year, raising the total historical theft amount to $6.75 billion

1. 2025: In just one year, North Korean hackers (DPRK) stole $2.02 billion! • Year-on-year growth: A staggering increase of 51% compared to 2024. • Total historical: So far, they have accumulated stolen cryptocurrency assets amounting to $6.75 billion.

2. Common attack methods: The most favored tactic by DPRK now is to send IT undercover agents to cryptocurrency companies. These individuals forge resumes to get hired by Web3 companies, exchanges, or custodians, lurk internally to gain trust, and ultimately obtain “permissions” to conduct leaks and theft.

3. Although we often say DeFi has risks, DPRK is focused on centralized services (CeFi). • Private key leaks are the disaster area. • In the first quarter of 2025, 88% of losses came from centralized platforms where private keys were stolen. • The head effect is very strong: The top three hacker incidents in 2025 accounted for 69% of all service losses.

4. Disposal pathways: DPRK operates completely differently from ordinary hackers. While ordinary hackers prefer DEX and decentralized protocols, DPRK commonly uses channels such as: • Chinese OTC/guarantee services: Usage skyrocketed by over 1000% (taking advantage of weak regulatory gaps). • Cross-chain bridges: Still the old formula, using bridging to confuse the situation. • Mixers: An essential route. They even have a dedicated Asian money laundering network to convert crypto into fiat currency.