2025-12-19 19:36 |
North Korean state-linked hacks stole at least $2.02 billion in digital assets in 2025, a 51% year-on-year jump, according to Chainalysis.
They accounted for a record 76% of service-level compromises, pushing the DPRK’s lower-bound cumulative haul to $6.75 billion.
Across the market, theft exceeded $3.4 billion from January through early December, propelled by a handful of outsized breaches led by the $1.4 billion hack of Bybit.
Chainalysis said just three incidents made up 69% of losses, underscoring a shift toward fewer but larger attacks.
A record year for crypto hacksChainalysis’ report found that the top three hacks in 2025 comprised 69% of all service losses, with the largest incident exceeding 1,000 times the median theft for the first time.
The firm also highlighted that private key compromises drove 88% of losses in the first quarter, even at organisations with institutional security teams.
The February Bybit breach was the year’s biggest single event at $1.4 billion, setting the tone for an outlier-driven year where a small number of hits caused most of the damage.
Chainalysis said investigators actually confirmed fewer incidents, but the average impact per incident rose.
DPRK tactics: fewer attacks, bigger haulsUnlike other criminal groups, North Korean operators primarily target large centralised services for maximum effect, according to Chainalysis.
The firm said DPRK-linked actors increasingly embed IT workers inside exchanges, custodians, and Web3 firms to gain privileged access that can be leveraged for high-impact compromises.
Chainalysis also described a disciplined laundering playbook that typically unfolds over roughly 45 days after a major theft.
DPRK-linked wallets rely heavily on Chinese-language guarantee services, brokers, and over-the-counter networks, and make extensive use of cross-chain bridges and mixing services, while largely avoiding DeFi lending protocols, decentralized exchanges, and peer-to-peer venues favored by other actors.
Their on-chain behaviour is distinct. Chainalysis said slightly over 60% of DPRK-linked transfers occur in tranches below $500,000, whereas other groups more often move funds in million-dollar or larger batches.
Personal wallets see more incidents, smaller sumsOn the other end of the spectrum, personal wallets have remained a popular target.
Chainalysis said they represented 7.3% of the stolen value in 2022 and 44% in 2024.
In 2025, the share is around 20%, though excluding the Bybit incident, it would be closer to 37%.
The total value taken from individuals fell from $1.5 billion in 2024 to $713 million this year, even as incidents surged to 158,000 with at least 80,000 victims.
Chainalysis said attackers are hitting more users but extracting less per victim.
The post North Korea–linked hackers behind majority of 2025 crypto heists as losses top $3.4B appeared first on Invezz
origin »North Korean Won (KPW) на Currencies.ru
|
