North Korea Linked to Over Half of 2025 Crypto Heist Losses
TRM has published new research showing that North Korea-linked actors were responsible for more than half of the US$2.7 billion stolen in cryptocurrency hacks in 2025, marking the regime as the single most dominant and sophisticated threat actor in the crypto theft ecosystem.
For years, North Korea has used crypto theft to fund weapons proliferation, evade sanctions, and pursue destabilising activities.
Notably, high-value heists in 2023–2025 have shifted from exploiting smart-contract flaws to targeting the operational infrastructure of exchanges and custodial services. Single points of failure in these systems allow access to large sums.
Source: TRM
TRM attributes several major incidents to the regime, including Atomic Wallet, CoinsPaid, Alphapo, Stake.com, CoinEx, and the February 2025 Bybit exploit.
North Korean operators typically gain entry through social engineering.
They use fake job offers or investment pitches to compromise developer systems and extract wallet keys.
Once assets are stolen, they are laundered through a complex network known as the “Chinese Laundromat.”
This network comprises brokers, money transmitters, and trade-based intermediaries.
TRM notes that this process now occurs end-to-end with Chinese actors.
Funds move across chains, exchanges, and jurisdictions, often converting into stablecoins such as USDT on Tron before settlement in yuan, goods, or payments to North Korean front companies.
Source: TRM
Therefore, for exchanges and financial institutions, this evolution collapses traditional silos between cybersecurity and AML.
Static blocklists are insufficient; effective detection requires monitoring cross-chain flows and nested service counterparts, while pairing hardware-secured key storage with tiered withdrawal policies and privileged-access segmentation.
Overall, North Korea’s operations reflect the industrialisation of crypto theft.
They blend cyber activity, intelligence support, and outsourced laundering to create a state-directed revenue system.
As stablecoins and crypto payments grow, tracing stolen assets becomes increasingly complex.
This highlights the need for coordinated, cross-border measures to counter these structured, high-volume operations.
Featured image credit: Edited by Fintech News Hong Kong, based on image by aukid via Freepik
The post North Korea Linked to Over Half of 2025 Crypto Heist Losses appeared first on Fintech Hong Kong.
You May Also Like
Trading time: Tonight, the US GDP and the upcoming non-farm data will become the market focus. Institutions are bullish on BTC to $120,000 in the second quarter.
Wormhole token soars following tokenomics overhaul, W reserve launch
Wormhole’s native token has had a tough time since launch, debuting at $1.66 before dropping significantly despite the general crypto market’s bull cycle. Wormhole, an interoperability protocol facilitating asset transfers between blockchains, announced updated tokenomics to its native Wormhole (W) token, including a token reserve and more yield for stakers. The changes could affect the protocol’s governance, as staked Wormhole tokens allocate voting power to delegates.According to a Wednesday announcement, three main changes are coming to the Wormhole token: a W reserve funded with protocol fees and revenue, a 4% base yield for staking with higher rewards for active ecosystem participants, and a change from bulk unlocks to biweekly unlocks.“The goal of Wormhole Contributors is to significantly expand the asset transfer and messaging volume that Wormhole facilitates over the next 1-2 years,” the protocol said. According to Wormhole, more tokens will be locked as adoption takes place and revenue filters back to the company.Read more