North Korean Hackers Steal 70% of 2025s 2.1 Billion Crypto Thefts

In the first half of 2025, cryptocurrency thefts reached an unprecedented level, with North Korean hackers responsible for nearly 70% of the $2.1 billion stolen. This alarming trend highlights the evolving tactics of nation-state actors who are leveraging cybercrime as a strategic tool rather than purely for financial gain. The surge in crypto thefts underscores the increasing sophistication and scale of attacks originating from state-backed groups, particularly North Korea, which has emerged as the most prolific nation-state threat actor within the crypto ecosystem.

The February 2025 breach of Bybit, a Dubai-based crypto exchange, was central to the record thefts. Hackers stole nearly $1.5 billion in Ethereum and related assets, marking the largest crypto heist in history. Investigations revealed that the breach stemmed from a compromised developer laptop interacting with a malicious docker project, exposing vulnerabilities in multi-signature wallet security. The multi-signature wallet provider, Safe, confirmed that a high-level developer’s workstation was the attack vector. This exploit was attributed to North Korean threat actors, underscoring the strategic targeting of infrastructure to gain control over private keys and seed phrases.

TRM Labs’ analysis indicates a paradigm shift in crypto-related cybercrime, where attacks are increasingly symbolic or strategic rather than purely financially motivated. The report notes that 80% of the losses in 2025 resulted from infrastructure attacks, highlighting the growing focus on compromising critical security components such as private keys. This evolution reflects how nation-states like North Korea are weaponizing crypto theft to fund geopolitical objectives, including sanctioned programs, while simultaneously destabilizing the global crypto market.

The unprecedented scale of these hacks has prompted calls for enhanced security protocols within crypto exchanges and wallet providers. Industry experts advocate for robust multi-factor authentication, continuous monitoring of developer environments, and stricter access controls to mitigate risks associated with insider threats and compromised credentials. Furthermore, regulatory bodies are increasingly scrutinizing crypto platforms to enforce compliance with cybersecurity standards, aiming to curb the influence of nation-state actors in the digital asset space.

The first half of 2025 has set a new benchmark for crypto theft, driven predominantly by North Korean state-sponsored hackers employing sophisticated infrastructure attacks. This trend signals a critical juncture for the cryptocurrency industry, emphasizing the need for heightened security measures and international cooperation to address the strategic weaponization of crypto crime. Stakeholders must prioritize resilience and transparency to safeguard digital assets against evolving nation-state threats.