North Korean Hackers Seize $1.5B in Record Crypto Heist Year
KO YONG-CHUL Reporter
korocamia@naver.com | 2025-12-21 20:54:10
(C) Techradar
SEOUL — Global cryptocurrency losses from hacking have reached a staggering $2.7 billion (approx. 3.99 trillion KRW) in 2025, with North Korean state-sponsored actors identified as the perpetrators behind more than half of the total stolen value. According to a year-end report by blockchain intelligence firm TRM Labs, Pyongyang has evolved its tactics from targeting decentralized protocols to launching massive strikes against centralized exchanges (CEX).
The Pivot to Centralized Exchanges
The report highlights a strategic shift in North Korea’s cyber-warfare. While previous years focused on the vulnerabilities of Decentralized Finance (DeFi), the 2025 data shows a "whale-hunting" approach. The most prominent example occurred in February, when the cryptocurrency exchange Bybit was compromised, resulting in a $1.5 billion loss in a single breach. This incident alone accounts for a significant portion of the year’s total damages.
Sophisticated "Code to Custody" Tactics
The methods employed by North Korean hackers have reached new levels of sophistication. Investigators described a "Code to Custody" strategy, where hackers pose as recruiters or investors on professional platforms. By offering fake job opportunities or lucrative investment deals to exchange developers, they deploy malware-laden files to gain entry into the internal systems of major trading platforms.
The "Chinese Laundromat" Network
As international sanctions have tightened around traditional "mixing" services, North Korea has increasingly relied on what experts call the "Chinese Laundromat." This industrialized underground financial network consists of:
OTC Brokers: Over-the-counter traders who convert crypto to fiat.
Underground Bankers: Middlemen facilitating large-scale transfers across borders.
Shell Companies: Using trade-based money laundering to funnel funds back into North Korean weapon programs.
"North Korea’s hacking is no longer a series of isolated incidents; it is a highly specialized, state-level operation with clear strategic goals," said Chris Wong, a former FBI agent and current investigator at TRM Labs. He emphasized that global cooperation and real-time tracking are now more critical than ever to disrupt these illicit financial flows.
WEEKLY HOT
- 1The flowers at Magok Seoul Botanic Garden are blessing the approach of spring.
- 2Spring has already arrived at Incheon Grand Park, and the flowers are bursting into bloom.
- 3Iran’s Retaliation Deals $800M Blow to U.S. Bases; Key Missile Defense Systems Hit
- 4Trump Deploys ICE to Airports as Budget Standoff Leaves Security Understaffed
- 5Naver D2SF Launches 18th Campus Tech Startup Competition to Foster Next-Gen Innovators
- 6Vishay Unveils Ultra-Compact 0404 RGB LED with Independent Chip Control for Enhanced Color Precision