DPRK-linked crypto theft surge against global cryptocurrency services in 2025

Target Trend
H score 41
1 unique source, 1 article

Summary

DPRK-linked actors drove a record surge in global cryptocurrency theft in 2025, sharply increasing risk for exchanges, custodians, and Web3 firms. They accounted for at least $2.02 billion of more than $3.4 billion stolen from January through early December, and the activity made up 76% of service compromises. The trend matters because the same ecosystem is using IT worker infiltration and structured laundering to scale access and cash-out across the sector.

Related Happenings

Chinese-language money alliance reshapes ransomware ecosystem operations

Threat Actor Meta
First: 16.02.2026 12:30 Last: 16.02.2026 12:30 Sources 1

About this happening: **Trafficking-linked crypto payments** are increasingly routed through **Telegram-based CMLN services**, **scam compounds**, and **online casinos**, expanding the scale and resili...

2025 Record surge in illicit cryptocurrency flows and cybercrime-related inflows

Target Trend
First: 30.01.2026 20:49 Last: 30.01.2026 20:49 Sources 1

About this happening: **Illegal cryptocurrency flows** surged to a record **$158 billion** in **2025**, reversing a multi-year decline and signaling a broader resurgence in illicit on-chain activity. T...

Chinese money ecosystem shift changes threat-actor operations

Threat Actor Meta
First: 28.01.2026 12:30 Last: 28.01.2026 12:30 Sources 1

About this happening: **Chinese money laundering networks (CMLNs)** now include **Xinbi**, a Chinese-language marketplace the **UK’s FCDO** sanctioned for selling **stolen data** and **satellite intern...

Latest development: 26.03.2026 17:42

The UK’s FCDO sanctioned Xinbi, a Chinese-language online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia. The same action also targeted #8 Park and Legend Innovation Co. Xinbi is believed to have helped North Korean threat actors launder cryptocurrency stolen in large heists, and Chainalysis says it processed over $19.9 billion between 2021 and 2025.

Record crypto-fraud losses rise with AI-driven impersonation

Target Trend
First: 14.01.2026 12:00 Last: 14.01.2026 12:00 Sources 1

About this happening: **Cryptocurrency fraud** is surging as scammers use **AI chatbots** and **brand impersonation** to widen victim reach and raise payout sizes. A **Malwarebytes Labs** analysis foun...

Record illicit crypto wallet inflows in 2025 despite lower share of blockchain flows

Target Trend
First: 12.01.2026 12:15 Last: 12.01.2026 12:15 Sources 1

About this happening: **Illicit crypto wallets** received an estimated **$158bn** in **2025**, the highest level seen in five years, even as their share of total crypto activity fell. The increase refl...

Timeline

  1. 18.12.2025 03:00 2 articles · 5mo ago

    DPRK-linked crypto theft reaches record 2025 levels

    Campaign Scope Update

    DPRK-linked threat actors drove a record surge in global cryptocurrency theft in 2025, stealing at least $2.02 billion from exchanges, custodians, and Web3 firms and accounting for 76% of all service compromises. The largest single loss was the February compromise of Bybit, which accounted for $1.5 billion. Stolen funds were laundered through mixers, cross-chain bridges, Huione, and Chinese-language money movement and guarantee services.