North Korea’s crypto theft ecosystem expands IT worker infiltration into crypto services
Threat Actor Meta
Summary
North Korea / DPRK threat actors expanded their crypto-theft model in 2025, using IT worker infiltration to gain privileged access inside exchanges, custodians, and web3 firms. The shift helped drive $2bn+ stolen in the year, with DPRK responsible for 60% of stolen funds and 76% of service compromises in the measured period. The pattern matters because it shows a more scalable insider-access approach that can speed initial compromise and lateral movement before large-value theft.
Related Happenings
2025 Record surge in illicit cryptocurrency flows and cybercrime-related inflows
Target Trend
First: 30.01.2026 20:49
Last: 30.01.2026 20:49
Sources 1
About this happening:
**Illegal cryptocurrency flows** surged to a record **$158 billion** in **2025**, reversing a multi-year decline and signaling a broader resurgence in illicit on-chain activity. T...
Chen Zhi arrest and extradition in Cambodia-China scam-compound case
Law Enforcement
First: 20.01.2026 12:00
Last: 20.01.2026 12:00
Sources 1
About this happening:
On **January 6, 2026**, **joint Cambodian/Chinese authorities** **arrested and extradited** **Chen Zhi** in a **cybercrime-linked scam-compound** case. The move sent the matter in...
Record illicit crypto wallet inflows in 2025 despite lower share of blockchain flows
Target Trend
First: 12.01.2026 12:15
Last: 12.01.2026 12:15
Sources 1
About this happening:
**Illicit crypto wallets** received an estimated **$158bn** in **2025**, the highest level seen in five years, even as their share of total crypto activity fell. The increase refl...
DPRK-linked crypto theft surge against global cryptocurrency services in 2025
Target Trend
First: 18.12.2025 03:00
Last: 18.12.2025 03:00
Sources 1
About this happening:
**DPRK-linked** actors drove a **record surge** in **global cryptocurrency theft** in 2025, sharply increasing risk for exchanges, custodians, and Web3 firms. They accounted for a...
North Korean cryptocurrency theft campaign using social engineering
Campaign
First: 08.10.2025 14:09
Last: 08.10.2025 14:09
Sources 1
How related:
North Korea has now amassed over $6.7bn in crypto after targeting the industry over the past decade, with the hermit nation stealing a record $2bn+ in 2025, according to Chainalysis.
About this happening:
A **North Korean** cryptocurrency theft campaign stole **more than $2 billion** in the **first nine months of 2025**, setting a new annual record and raising the stakes for exchan...
Timeline
18.12.2025 15:00 2 articles · 5mo ago
Chainalysis reports DPRK crypto theft scale and IT worker infiltration
Initial Disclosure
Chainalysis assessed that North Korea had amassed over $6.7bn in crypto after a decade of targeting the industry, including a record $2bn+ stolen in 2025 and $1.5bn taken from Bybit in what it described as the world’s largest cryptocurrency heist to date. The assessment said DPRK actors accounted for 60% of funds stolen from January to early December 2025 and 76% of service compromises, increasingly embedding IT workers inside exchanges, custodians, and web3 firms to gain privileged access, speed initial access and lateral movement, and enable high-impact compromises. It also said the actors rely heavily on Chinese-language services, cross-chain bridges, mixing services, and specialized services such as Huione, while thefts from individual victims rose in number but declined in total value in 2025.
- North Korea Steals Over $2bn in Crypto in 2025 — www.infosecurity-magazine.com — 18.12.2025 15:00