North Korean crypto-heist targeting shifts toward wealthy individuals and exchange staff in 2025
Target Trend
Summary
North Korean crypto theft shifted in 2025 from business targets to individuals with large holdings and exchange employees, increasing the risk of social-engineering-driven compromise across the sector. The change matters because these actors stole a record $2 billion this year, nearly triple 2024. Analysts also tied the activity to 30 crypto-heists and a confirmed cumulative total of more than $6 billion. The pattern suggests less reliance on exploiting DeFi infrastructure flaws and more focus on people with privileged access or valuable wallets.
Related Happenings
Chinese-language money alliance reshapes ransomware ecosystem operations
Threat Actor Meta
First: 16.02.2026 12:30
Last: 16.02.2026 12:30
Sources 1
About this happening:
**Trafficking-linked crypto payments** are increasingly routed through **Telegram-based CMLN services**, **scam compounds**, and **online casinos**, expanding the scale and resili...
BlueNoroff spear-phishing campaign uses typosquatted Zoom, Teams, and Calendly lures against crypto firms
Campaign
First: 11.02.2026 00:17
Last: 11.02.2026 00:17
Sources 1
About this happening:
**BlueNoroff**, a **North Korea-linked Lazarus Group** subgroup, ran a **large-scale spear-phishing campaign** against **100+ cryptocurrency organizations** in **20+ countries** b...
2025 Record surge in illicit cryptocurrency flows and cybercrime-related inflows
Target Trend
First: 30.01.2026 20:49
Last: 30.01.2026 20:49
Sources 1
About this happening:
**Illegal cryptocurrency flows** surged to a record **$158 billion** in **2025**, reversing a multi-year decline and signaling a broader resurgence in illicit on-chain activity. T...
Chinese money ecosystem shift changes threat-actor operations
Threat Actor Meta
First: 28.01.2026 12:30
Last: 28.01.2026 12:30
Sources 1
About this happening:
**Chinese money laundering networks (CMLNs)** now include **Xinbi**, a Chinese-language marketplace the **UK’s FCDO** sanctioned for selling **stolen data** and **satellite intern...
Latest development: 26.03.2026 17:42
The UK’s FCDO sanctioned Xinbi, a Chinese-language online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia, and also targeted #8 Park and Legend Innovation Co as part of the same action; Xinbi is believed to have helped North Korean threat actors launder cryptocurrency stolen in large heists, and Chainalysis says it processed over $19.9 billion between 2021 and 2025.
Chen Zhi arrest and extradition in Cambodia-China scam-compound case
Law Enforcement
First: 20.01.2026 12:00
Last: 20.01.2026 12:00
Sources 1
About this happening:
On **January 6, 2026**, **joint Cambodian/Chinese authorities** **arrested and extradited** **Chen Zhi** in a **cybercrime-linked scam-compound** case. The move sent the matter in...
Timeline
07.10.2025 20:02 · 3 articles · 7mo ago
North Korean crypto-heist targeting shifts toward wealthy individuals and exchange staff in 2025
Initial Disclosure
North Korean crypto theft in **2025** pivoted toward **social engineering** aimed at wealthy individuals and exchange staff. The shift away from **DeFi infrastructure** flaws points to a more human-centric compromise strategy.
- North Korean hackers stole over $2 billion in crypto this year — www.bleepingcomputer.com — 07.10.2025 20:02
- North Korea Steals Over $2bn in Crypto in 2025 — www.infosecurity-magazine.com — 18.12.2025 15:00