North Korean Hackers Steal Record Amount in Cryptocurrencies

Published on January 06, 2026 | Translated from Spanish
Conceptual illustration of a hooded hacker in front of a screen with cryptocurrency charts and the North Korea symbol, representing large-scale cyber theft.

North Korean Hackers Steal Record Amount in Cryptocurrencies

The activity of cyber groups associated with North Korea has reached a new all-time high. According to Chainalysis data, this year they have managed to divert funds worth more than two billion dollars. This figure represents an increase of over 50% compared to the same period last year, showing a clear escalation in their criminal operations. 🚨

Total Volume of Thefts Attributed to North Korea

When analyzing the historical series, the accumulated amount attributed to these entities reaches at least 6.75 billion dollars. This confirms that these operations constitute a recurring and large-scale source of financing for the regime. Analysts highlight the high level of sophistication they employ, exploiting flaws in blockchain bridge protocols and decentralized financial services to steal the assets.

Key Details from the Report:
  • The funds stolen in 2025 exceed 2 billion dollars.
  • This value accounts for more than half of the industry's total losses from thefts, which amount to about 3.4 billion.
  • The methodology includes exploiting technical vulnerabilities in DeFi and cross-chain infrastructures.
The data released by Bloomberg paints a picture of a clear intensification in Pyongyang's criminal activities in the financial cyberspace.

The Impact and Methods of the Attacks

The consequences of these cyberattacks are widespread, affecting not only large exchanges but also individual projects and thousands of users, eroding trust in the entire ecosystem. To compromise systems, malicious actors combine social engineering techniques, malware, and code exploitation.

Post-Theft Phases:
  • Once the funds are obtained, they initiate complex processes to launder the money.
  • They use cryptocurrency mixers (tumblers) and perform cross-chain transactions across multiple blockchains.
  • The main objective is to obstruct tracking and any attempt to recover the stolen assets.

A State Financing Strategy

This pattern of activity suggests that, compared to alternatives like mining cryptocurrencies, the regime has opted for a more direct and lucrative strategy: industrial-scale cyber theft. The evolution of their tactics and the volume of funds mobilized position them as one of the most persistent and costly threats to the security of the global crypto ecosystem. 💻🔒