North Korean hackers pilfered 60% of the value from cryptocurrency attacks in 2025, according to CertiK. The funds went toward funding the regime’s nuclear and ballistic missile projects, showing how dependent the government is on digital assets to make money.
According to a recent Skynet analysis, out of 656 events recorded in 2025, 79 were linked to entities associated with the Democratic People’s Republic of Korea (DPRK), resulting in around $2.06 billion of the total $3.4 billion in crypto security damages.
Significant Sources of Regime’s External Income
The report states that independent onchain researcher Taylor Monahan found that between 2016 and early 2026, there were 263 confirmed occurrences in which people associated with the DPRK stole crypto, with an estimated value of $6.75 billion.
Open-source estimates reveal that these operations constitute a significant portion of the regime’s external income, and CertiK’s analysis concludes that North Korea has “industrialized” crypto theft into a core state revenue mechanism. The country’s digital asset theft becomes a sustained revenue stream.
Opportunistic hot wallet compromises are being replaced by fewer, higher-value operations that aim for the biggest pools of wealth, according to the report.
According to CertiK, there was an emphasis on “precision and scale” in 2025, with DPRK-linked groups responsible for almost 60% of the stolen value but only about 12% of overall occurrences.
The report states that the TraderTraitor cluster was compromised via a third-party signature provider’s supply chain, which led to the greatest incident—the Bybit attack in February 2025—and around $1.5 billion in damages.
According to CertiK’s onchain research, a staggering 86% of the stolen Ether was turned into Bitcoin in the month after the breach. This was achieved via the use of mixing services, cross-chain bridges, decentralized exchanges, and over-the-counter brokers.