North Korea Weaponizes Crypto to Bypass Sanctions, Fund Missiles

Generated by AI Agent Coin World. Reviewed by AInvest News Editorial Team.
Saturday, Oct 25, 2025 5:46 pm ET

- North Korea's cyber groups stole $2.8B in crypto since 2024, bypassing sanctions to fund military programs.

- Attacks used supply-chain hacks and social engineering, with Bybit's $1.4B breach being the largest incident.

- Stolen funds are laundered via mixers and Chinese brokers, converting crypto to fiat for weapons procurement.

- Sanctions face limitations as Pyongyang exploits crypto's anonymity, with $1.65B stolen in 2024's first nine months.

- Evolving cyber tactics and decentralized networks complicate enforcement, sustaining the regime's illicit financial operations.

North Korea's state-backed cyber operations have siphoned at least $2.8 billion in cryptocurrency since January 2024, with the illicit funds fueling the regime's military ambitions and circumventing international sanctions, according to a report by the

. The thefts, orchestrated by groups like Lazarus, Kimsuky, and TraderTraitor, exploit vulnerabilities in digital asset exchanges and custody providers, allowing Pyongyang to bypass traditional financial systems and evade restrictions on its nuclear and missile programs.

The attacks rely on sophisticated tactics, including supply-chain compromises and social engineering, to infiltrate third-party infrastructure used by exchanges for secure storage. For instance, the February 2025 breach of Bybit—accounting for roughly half of the total $2.8 billion stolen—was enabled by targeting companies like Safe(Wallet), Ginco, and Liminal Custody. In one case, a TraderTraitor actor impersonated a LinkedIn recruiter to compromise a Ginco employee, leading to the $308 million loss at DMM

. These operations highlight North Korea's shift from direct exchange hacks to infiltrating the broader ecosystem of digital asset management.

Once stolen, the crypto is laundered through mixers, cross-chain bridges, and Chinese over-the-counter brokers, converting the assets into fiat currency for use in weapons development and procurement. The report notes that stablecoins are increasingly used to purchase military equipment and raw materials like copper, which is critical for munitions production, according to a

. This method allows Pyongyang to conduct transactions without triggering the same scrutiny as traditional banking channels.

The scale of the theft underscores the limitations of current sanctions frameworks. Despite U.S. and European efforts to restrict North Korea's access to global markets, the regime's cyber capabilities provide a resilient alternative revenue stream. "These operations demonstrate a deliberate strategy to exploit digital finance's anonymity and global reach," said the monitoring team, which attributes the cyber campaigns to the Reconnaissance General Bureau, North Korea's primary intelligence agency.

The findings align with broader trends in state-sponsored cybercrime. A separate report from the same group highlighted that North Korea's cyber force had already stolen $1.65 billion between January and September 2024, with the Bybit heist alone contributing $1.4 billion. The stolen funds are directly funneled into weapons of mass destruction and ballistic missile programs, the report states.

As global regulators and cybersecurity firms scramble to address these threats, the challenge remains in tracking and disrupting the complex laundering networks. The use of Chinese brokers and decentralized infrastructure complicates enforcement, particularly as geopolitical tensions with Beijing persist. For now, North Korea's cyber-enabled financial operations continue to evolve, offering a stark example of how digital assets can be weaponized to sustain authoritarian regimes.