DPRK-linked crypto theft surge against global cryptocurrency services in 2025
Trend
Summary
Hide ▲
Show ▼
DPRK-linked actors drove a record surge in global cryptocurrency theft in 2025, sharply increasing risk for exchanges, custodians, and Web3 firms. They accounted for at least $2.02 billion of more than $3.4 billion stolen from January through early December, and the activity made up 76% of service compromises. The trend matters because the same ecosystem is using IT worker infiltration and structured laundering to scale access and cash-out across the sector.
Related Happenings
Growing US internet crime losses and complaints in 2025
Trend
H score52
First: 07.04.2026 15:00
Last: 07.04.2026 15:00
Sources 1
About this happening:
**US internet crime victims** saw **losses rise above $17.7 billion** in **2025**, with **over a million complaints** to IC3 and **cryptocurrency investment scams** leading losses...
Growing US internet crime losses and complaints in 2025
TrendAbout this happening: **US internet crime victims** saw **losses rise above $17.7 billion** in **2025**, with **over a million complaints** to IC3 and **cryptocurrency investment scams** leading losses...
Chinese-language money alliance reshapes ransomware ecosystem operations
Threat Actor Meta
H score23
First: 16.02.2026 12:30
Last: 16.02.2026 12:30
Sources 1
About this happening:
**Trafficking-linked crypto payments** are increasingly routed through **Telegram-based CMLN services**, **scam compounds**, and **online casinos**, expanding the scale and resili...
Chinese-language money alliance reshapes ransomware ecosystem operations
Threat Actor MetaAbout this happening: **Trafficking-linked crypto payments** are increasingly routed through **Telegram-based CMLN services**, **scam compounds**, and **online casinos**, expanding the scale and resili...
2025 Record surge in illicit cryptocurrency flows and cybercrime-related inflows
Trend
H score33
First: 30.01.2026 20:49
Last: 30.01.2026 20:49
Sources 1
About this happening:
**Illegal cryptocurrency flows** surged to a record **$158 billion** in **2025**, reversing a multi-year decline and signaling a broader resurgence in illicit on-chain activity. T...
2025 Record surge in illicit cryptocurrency flows and cybercrime-related inflows
TrendAbout this happening: **Illegal cryptocurrency flows** surged to a record **$158 billion** in **2025**, reversing a multi-year decline and signaling a broader resurgence in illicit on-chain activity. T...
Chinese money ecosystem shift changes threat-actor operations
Threat Actor Meta
H score28
First: 28.01.2026 12:30
Last: 28.01.2026 12:30
Sources 1
About this happening:
**Chinese money laundering networks (CMLNs)** now include **Xinbi**, a Chinese-language marketplace the **UK’s FCDO** sanctioned for selling **stolen data** and **satellite intern...
Chinese money ecosystem shift changes threat-actor operations
Threat Actor MetaAbout this happening: **Chinese money laundering networks (CMLNs)** now include **Xinbi**, a Chinese-language marketplace the **UK’s FCDO** sanctioned for selling **stolen data** and **satellite intern...
Latest development: 26.03.2026 17:42
The UK’s FCDO sanctioned Xinbi, a Chinese-language online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia, and also targeted #8 Park and Legend Innovation Co as part of the same action; Xinbi is believed to have helped North Korean threat actors launder cryptocurrency stolen in large heists, and Chainalysis says it processed over $19.9 billion between 2021 and 2025.
Record crypto-fraud losses rise with AI-driven impersonation
Trend
H score43
First: 14.01.2026 12:00
Last: 14.01.2026 12:00
Sources 1
About this happening:
**Cryptocurrency fraud** is surging as scammers use **AI chatbots** and **brand impersonation** to widen victim reach and raise payout sizes. A **Malwarebytes Labs** analysis foun...
Record crypto-fraud losses rise with AI-driven impersonation
TrendAbout this happening: **Cryptocurrency fraud** is surging as scammers use **AI chatbots** and **brand impersonation** to widen victim reach and raise payout sizes. A **Malwarebytes Labs** analysis foun...
Timeline
-
18.12.2025 03:00 2 articles · 6mo ago
DPRK-linked crypto theft reaches record 2025 levels
Campaign Scope UpdateDPRK-linked threat actors drove a record surge in global cryptocurrency theft in 2025, stealing at least $2.02 billion from exchanges, custodians, and Web3 firms and accounting for 76% of all service compromises; the largest single loss was the February compromise of Bybit, which accounted for $1.5 billion, while stolen funds were laundered through mixers, cross-chain bridges, Huione, and Chinese-language money movement and guarantee services.
Show sources
- North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft — thehackernews.com — 18.12.2025 03:00
- North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft — thehackernews.com — 18.12.2025 03:00