- North Korean attackers have stolen an estimated $6.75 billion in 263 incidents since 2016.
- In 2025, roughly $2.06 billion in cryptocurrency was stolen. This represented 60% of all funds stolen that year.
- Since January 2026, 185 incidents have occurred, resulting in the theft of $1.1 billion in funds.
Blockchain security firm CertiK has released a detailed report called the Skynet North Korea Crypto Risk Report, warning that North Korea’s hacking efforts targeting cryptocurrencies have become more sophisticated and difficult to detect.
The report provides a detailed analysis of how North Korean hackers continue to exploit weaknesses in cryptocurrencies through techniques such as social engineering, fake job postings, enlisting the help of insiders, spreading malware, and laundering money across various blockchains.
According to CertiK, these operations are now one of the biggest and most persistent security threats that the global cryptocurrency industry has to deal with.
North Korean attackers have reportedly stolen an estimated $6.75 billion in 263 incidents since 2016. This number may be higher, considering that it doesn’t include many smaller, unreported attacks.
In 2025, hackers linked to North Korea stole roughly $2.06 billion in cryptocurrencies. This represented 60% of the funds stolen that year, despite North Korea being responsible for only 12% of all security incidents.
The same activity continues in 2026, with North Korea accounting for 55% of all cryptocurrency losses this year, primarily due to large-scale hacks like the $291 million KelpDAO attack. Since January 2026, 185 incidents have occurred, resulting in the theft of roughly $1.1 billion in funds.
While the $1.5 billion Bybit hack in February 2025 is the largest cryptocurrency heist in history, other large-scale breaches such as Ronin ($625 million) and Drift ($285 million) demonstrate how sophisticated these operations have become.
In the month following the Bybit hack, over 86% of the stolen ETH was converted to Bitcoin using mixers, bridges, DEXs, and OTC brokers to cover the attackers’ tracks.
Primary attack mode
CertiK emphasizes that large-scale hacks usually start with deceiving people, not with bugs in the smart contracts themselves. This includes fake job offers and pretending to be a VC. Planting malicious code is also one of the methods mentioned.
Additionally, North Korean operatives infiltrated DeFi teams with fake identities, enabling theft from within.
According to the report, supply chain attacks are also occurring repeatedly, as seen in the Bybit incident. Hackers are breaking into high-security multisig wallets (the kind used by institutions) by infiltrating trusted third-party systems, rather than targeting wallets directly.