North Korea’s Cyber Heists Surge: Billions Stolen in Cryptocurrency and Tech Sector Salaries in 2025
In a dramatic escalation of cybercrime, North Korea has stolen over $2 billion in cryptocurrency this year alone, alongside billions more through fraudulent tech firm salaries, according to multiple reports and a recent international investigation.
The cyber threats originating from Pyongyang have intensified, with sophisticated hacking groups linked to the regime orchestrating large-scale thefts targeting cryptocurrency exchanges and employing deceptive means to secure remote jobs at technology companies abroad. These operations are believed to be a critical revenue source for North Korea’s nuclear weapons and missile programs, helping the isolated nation evade international sanctions.
Record Cryptocurrency Thefts Mark 2025
Blockchain analytics firms such as Elliptic estimate that North Korean hackers have appropriated more than $2 billion in cryptocurrency assets during 2025. Among the most prominent attacks was the massive $1.46 billion heist from the Dubai-based cryptocurrency exchange Bybit in February, an incident which the FBI has publicly attributed to North Korean actors operating under the codename “TraderTraitor.”
This theft is the largest single cryptocurrency robbery ever linked to the regime, adding to a cumulative total exceeding $6 billion in stolen virtual assets since 2017. The stolen funds are frequently laundered and converted into other cryptocurrencies or fiat money, passing through complex arrangements of blockchain addresses to obscure their origin and facilitate global dispersal. Private-sector participants, including blockchain analytics companies, exchanges, and decentralized finance (DeFi) services, have been urged to assist by blocking illicit transactions tied to these addresses.
Clandestine Employment Fraud in the Tech Sector
Beyond direct cyber theft, North Korea has invested heavily in a covert strategy involving “clandestine IT workers.” These operatives fabricate false identities to obtain remote work at foreign technology and cryptocurrency firms, and they increasingly target AI research organizations, financial institutions, healthcare sectors, and government bodies across the US, Middle East, and Australia.
While they initially earn legitimate salaries, these workers gain access to sensitive networks and proprietary data, which they may subsequently exfiltrate or weaponize for extortion. This method provides North Korea with a continuous and stealthy income stream that complements its hacking operations. Experts highlight that this outsourcing approach amplifies the regime’s capacity to evade detection and penetrate a wide range of international systems.
Strategic Implications and International Response
An extensive report by the Multilateral Sanctions Monitoring Team, composed of the US and ten allied nations, underscores how Pyongyang leverages its cyber capabilities predominantly to fund and advance its nuclear and ballistic missile programs. Unlike other state actors such as China, Russia, and Iran, North Korea concentrates on cybercrime as a primary financing mechanism, posing a unique security challenge.
The report details the use of malware to disrupt foreign networks, steal sensitive information, and launder funds via cryptocurrency — activities that have been directly tied to the destruction of computer infrastructure, threats to civilian safety, and funding for weapons of mass destruction. Cooperation between North Korea and some entities in Russia and China is noted as facilitating these illicit cyber operations.
Cybersecurity firms and global law enforcement agencies continue to monitor and seek to dismantle North Korea’s cybercrime networks. The FBI and other bodies encourage public-private collaboration to track suspicious transactions and halt the money laundering of stolen assets.
Outlook
With North Korea’s offensive cyber capabilities now rivaling more traditional cyber powers, the global community faces an increasingly complex threat landscape. The regime’s adaptation of cyber theft and remote fraud to secure funding for its illicit programs signals a dangerous evolution in state-sponsored cybercrime, emphasizing the need for heightened vigilance and coordinated international cybersecurity efforts.