By cryptoadmin 
Crypto-related cybercrime tied to North Korea reached an unprecedented scale in 2025.
Data published by Chainalysisshows that hacking groups linked to the Democratic People’s Republic of Korea were responsible for $2.02 billion in stolen digital assets over the year, the highest annual total ever recorded.
The figure represents a sharp escalation from 2024, with losses rising by $681 million year over year.
Long-Term Trend Shows Acceleration, Not Spikes
Looking across the 2016–2025 period, the data reveals a clear evolution. Early years show relatively limited activity, followed by rapid expansion during major crypto growth cycles. While there were temporary pullbacks, the broader trajectory points upward.
By 2025, annual losses surpassed the $2 billion threshold for the first time. This was not driven by a single anomaly, but by repeated large-scale breaches.
Dominance In Global Crypto Hacks
The most striking shift is not just the total value stolen, but North Korea’s growing share of global crypto service hacks. Chainalysis data indicates that DPRK-linked actors now account for a larger portion of total global compromises than at any point in the past decade.
This reflects increasing concentration. Fewer actors are responsible for a greater share of total losses, suggesting rising sophistication and operational efficiency.
2025 Marks A Step-Change In Activity
The jump from 2024 to 2025 stands out. The additional $681 million in losses points to larger attack sizes and sustained campaigns rather than isolated incidents. Targets increasingly included high-value centralized services, bridges, and custodial platforms.
The pattern indicates scaling capability, not opportunistic theft.
What The Numbers Ultimately Show
The data underscores a critical reality for the crypto industry. As infrastructure grows in value and complexity, state-linked threat actors are scaling alongside it. Security risk is no longer purely technical or financial. It is geopolitical.
With 2025 now the worst year on record for DPRK-linked crypto theft, the figures serve as a benchmark for both regulators and platforms. The threat environment is intensifying, not stabilizing—and security assumptions built on past cycles may no longer be sufficient.