"Threat actors with ties to the Democratic People's Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting for at least $2.02 billion out of more than $3.4 billion stolen from January through early December. The figure represents a 51% increase year-over-year and $681 million more than 2024, when the threat actors stole $1.3 billion, according to Chainalysis' Crypto Crime Report shared with The Hacker News."
"The February compromise of cryptocurrency exchange Bybit alone is responsible for $1.5 billion of the $2.02 billion plundered by North Korea. The attack was attributed to a threat cluster known as TraderTraitor (aka Jade Sleet and Slow Pisces). An analysis published by Hudson Rock earlier this month linked a machine infected with Lumma Stealer to infrastructure associated with the Bybit hack based on the presence of the email address " trevorgreer9312@gmail[.]com.""
""This marks the most severe year on record for DPRK crypto theft in terms of value stolen, with DPRK attacks also accounting for a record 76% of all service compromises," the blockchain intelligence company said. "Overall, 2025's numbers bring the lower-bound cumulative estimate for cryptocurrency funds stolen by the DPRK to $6.75 billion.""
North Korean-linked actors stole at least $2.02 billion in cryptocurrency during 2025, a 51% year-over-year increase and part of more than $3.4 billion stolen globally from January through early December. DPRK attacks comprised a record 76% of all service compromises in 2025, raising the lower-bound cumulative estimate of DPRK-linked thefts to $6.75 billion. The February Bybit compromise accounted for $1.5 billion and was attributed to a cluster known as TraderTraitor. The Lazarus Group, affiliated with Pyongyang's Reconnaissance General Bureau, has been linked to multiple prior heists, including recent activity against other exchanges.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]