The DPRK was responsible for at least $2.02 billion of the more than $3.4 billion stolen between January and early December. The February hack of the cryptocurrency exchange Bybit alone accounted for $1.5 billion. The proceeds are laundered through cross-chain bridges, mixers, specialized marketplaces like Huione, and Chinese-language money movement and guarantee services.
North Korean threat actors also employ a second strategy: embedding IT personnel under false pretenses in businesses all over the world, either directly or through front companies like DredSoftLabs and Metamint Studio. Between 2020 and 2023, it is thought to have embezzled at least $200 million from more than 25 cryptocurrency thefts, according to estimates from Chainalysis.
Vong obtained employment with at least 13 different U.S. companies, including the Federal Aviation Administration, by using fraudulent misrepresentations. Vong received a total salary of over $970,000 for software development services rendered by foreign conspirators. The IT worker scheme seems to be undergoing a strategy change, with DPRK-affiliated actors increasingly serving as recruiters who find collaborators through platforms like Upwork and Freelancer to further scale the operations.
"These recruiters approach targets with a scripted pitch, requesting 'collaborators' to help bid on and deliver projects," according to a report released last month by Security Alliance. "Usually, victims install remote-access software like AnyDesk or Chrome Remote Desktop, or give up complete access to their freelance accounts. This allows the threat actor to use the victim's confirmed IP address and identity," it continued.












