CertiK reports North Korea stole $2.06B in crypto in 2025, accounting for 60% of global hack losses, funding nuclear programs. (Read More)CertiK reports North Korea stole $2.06B in crypto in 2025, accounting for 60% of global hack losses, funding nuclear programs. (Read More)

North Korea Linked to $2B in Crypto Hacks in 2025: CertiK

For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com

North Korea Linked to $2B in Crypto Hacks in 2025: CertiK

Peter Zhang May 12, 2026 14:00

CertiK reports North Korea stole $2.06B in crypto in 2025, accounting for 60% of global hack losses, funding nuclear programs.

North Korea Linked to $2B in Crypto Hacks in 2025: CertiK

North Korea-linked hackers were responsible for approximately $2.06 billion in cryptocurrency thefts in 2025, accounting for 60% of global crypto hack losses, according to blockchain security firm CertiK. The stolen funds reportedly played a key role in financing the country’s nuclear and missile programs, highlighting the nation’s increasing reliance on illicit digital asset operations for state revenue.

The findings are part of CertiK’s latest Skynet report, which tracked $3.4 billion in total crypto-related security breaches across 656 incidents during 2025. North Korea-linked groups were involved in just 12% of these incidents but accounted for the majority of the overall value stolen. CertiK described this as a shift toward "precision and scale," with fewer attacks targeting larger pools of capital.

The most significant heist of the year, the Bybit exploit in February 2025, resulted in $1.5 billion in losses. CertiK attributed the attack to North Korea’s TraderTraitor cluster, which leveraged a supply chain compromise of a third-party signing provider. Onchain analysis found that 86% of the stolen Ether was converted into Bitcoin within 30 days, utilizing a combination of mixing services, cross-chain bridges, and OTC brokers to obscure the funds’ origins.

From Phishing to Physical Infiltration

CertiK’s report also highlights a notable evolution in hacking tactics. While social engineering remains a core strategy—examples include fake job offers and malware-laden PDFs—recent operations have incorporated more sophisticated methods, including physical infiltration. The April 2026 Drift Protocol exploit, which drained $285 million from a Solana-based platform, involved a six-month campaign with attackers attending conferences, building relationships, and exploiting governance mechanisms.

Jonathan Riss, a blockchain intelligence analyst at CertiK, warned that North Korean IT workers, often posing as legitimate professionals, are infiltrating Western crypto and fintech companies. These trusted insider roles allow them to execute highly targeted attacks.

A Broader Security Threat

Beyond financial damage, the report underscores the geopolitical implications of these thefts. Both United Nations monitors and U.S. intelligence assessments confirm that proceeds from North Korea’s crypto operations are funneled into its nuclear and ballistic missile programs. CertiK’s analysis suggests that cryptocurrency theft has become a core pillar of the regime’s external income strategy, effectively "industrializing" these operations.

Since 2016, North Korean-linked hackers have reportedly stolen $6.75 billion across 263 documented incidents, according to onchain researcher Taylor Monahan. The scale and sophistication of these operations elevate them from a cybersecurity issue to an international security concern.

As digital assets grow in prominence, the risks associated with state-sponsored cybercrime are expected to increase. CertiK predicts that tools like deepfakes and supply chain attacks will further fuel crypto-related losses in 2026, posing ongoing challenges for the industry and global regulators.

Image source: Shutterstock
  • north korea
  • crypto hacks
  • certik
  • cybersecurity
  • nuclear funding

World Cup Combo: Aim for 200x

World Cup Combo: Aim for 200xWorld Cup Combo: Aim for 200x

Combine up to 20 World Cup matches in one order

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

You May Also Like

Ink Token Listing Date Near as Mining End Announced by cPen Network

Ink Token Listing Date Near as Mining End Announced by cPen Network

Ink Token Listing Date Near: Mining End in July 2026, cPen Network SayThe cPen Network set a firm date this week. INK mining stops on July 30, 2026. That single
Share
Coingabbar2026/07/02 13:15
CRCL Selloff Explained: Russell Growth Removal and Open USD Pressure Reprice Circle’s Stablecoin Story

CRCL Selloff Explained: Russell Growth Removal and Open USD Pressure Reprice Circle’s Stablecoin Story

Circle Internet Group ($CRCL) came under pressure after being removed from several Russell Growth-related benchmarks during the latest Russell reconstitution. The index move matters because many passive funds, benchmark-aware portfolios, and rules-based institutional mandates use Russell indexes as part of their portfolio construction. When a stock leaves a widely followed benchmark, some investors may need to rebalance exposure, even if their long-term view of the company has not changed. But the Russell adjustment is only one part of the story. The deeper issue is that the market is reassessing Circle’s identity as a public stock. Is CRCL still being valued as a high-growth crypto infrastructure leader, or is the market starting to treat it more like a financial infrastructure company whose economics depend on interest rates, reserve income, stablecoin distribution, and competitive pressure? That debate became more urgent after the launch of Open USD, a new stablecoin initiative backed by a consortium involving major payments and crypto players, including Visa, Mastercard, and Coinbase. Reuters reported that Open Standard brings together more than 140 businesses and plans to issue Open USD, a U.S.-dollar-pegged stablecoin expected to go live later this year. For traders, the key question is whether the recent CRCL selloff is mostly technical index-related pressure, or whether it marks a broader valuation reset for the first major stablecoin stock.
Share
MEXC NEWS2026/07/02 15:58
Japanese Tech Giant’s Ambitious Bitcoin Accumulation

Japanese Tech Giant’s Ambitious Bitcoin Accumulation

The post Japanese Tech Giant’s Ambitious Bitcoin Accumulation appeared on BitcoinEthereumNews.com. Tokyo-based Metaplanet has made a major move in the cryptocurrency
Share
BitcoinEthereumNews2026/04/02 17:47