North Korea has now amassed over $6.7bn in crypto after targeting the industry over the past decade, with the hermit nation stealing a record $2bn+ in 2025, according to Chainalysis.
The blockchain analysis specialist revealed the news in the first excerpt from its forthcoming 2026 Crypto Crime Report.
It showed that North Korea remains the biggest crypto threat actor, accounting for 60% of the funds stolen from January to early December 2025. In fact, its cyber-attack on Bybit alone led to the theft of $1.5bn, in what is the world’s largest cryptocurrency heist to date.
Hackers from the East Asian autocracy tend to focus on large services and aim for maximum impact, the report claimed. They accounted for a record 76% of all service compromises in the period.
“North Korean threat actors are increasingly achieving these outsized results often by embedding IT workers – one of DPRK’s principal attack vectors – inside crypto services to gain privileged access and enable high‑impact compromises,” Chainalysis explained.
“Part of this record year likely reflects an expanded reliance on IT worker infiltration at exchanges, custodians, and web3 firms, which can accelerate initial access and lateral movement ahead of large-scale theft.”
Read more on crypto heists: Crypto-Hackers Steal $2.2bn as North Koreans Dominate
Their preferences for laundering these funds differ from many threat actors, the report continued. They rely heavily on Chinese language services and networks, and apparently use cross-chain bridges, mixing services and specialized services like Huione more than others.
The figures for North Korea’s crypto haul this year chime with market analysis from London-based Elliptic.
Personal Wallets at Greater Risk
The report also revealed a growing threat to individuals this year, as more people adopt cryptocurrency.
The number of recorded thefts tripled from 2022 to reach 158,000 in 2025, with unique victims increasing from 40,000 to 80,000 in the period, Chainalysis claimed.
However, the total value stolen from individual victims actually declined from a peak of $1.5bn last year to $713m in 2025. Personal wallet compromises now account for 20% of all value stolen in 2025, down from 44% in 2024.
“This suggests that attackers are targeting more users, but stealing smaller amounts per victim,” the report noted.
Ethereum and Tron recorded the highest rates of theft, with Base and Solana much lower, despite large user numbers.
“The variation in victimization rates across chains with similar technical architectures suggests that factors beyond technology – such as user demographics, popular applications, and criminal infrastructure – play important roles in determining theft rates,” Chainalysis explained.
