Synopsis: North Korea’s state-sponsored hackers, such as the Lazarus Group, have taken cybercrime and crypto theft to a whole other level, using them to fund the regime’s nuclear program. According to the available data, North Korea managed to steal over $2 billion in various cryptocurrencies in 2025.
As of April 16, 2026, the crypto space remains the only “ATM” for the North Korean government. As evidenced by the unprecedented $1.5 billion Bybit heist that took place in early 2025, Democratic People’s Republic of Korea (DPRK) hackers have come up with a strategy that focuses on hacking large exchanges instead of decentralized protocols and their small counterparts.
More importantly, they operate in a very brazen manner, using social engineering and laundering mechanisms that law enforcement agencies find hard to counter.
The “Industrialization” of Hacking
DPRK hackers have started working with people and platforms. In addition to searching for software vulnerabilities, they have started embedding talented IT employees into the target companies. This makes it much easier for them to conduct attacks from within, because they have direct access to internal resources.
Most recently, hackers have begun using “fake recruiting”. They pose as recruiters for AI and Web3 companies on LinkedIn to encourage developers to download “technical screens”. These “screens” are, however, malware; once the attackers have access to one workstation, they quickly compromise private keys and empty exchange vaults in mere minutes.
Impact on Investors
Short-term Traders
- Sudden Liquidity Shock: A massive heist such as Bybit’s or Drift’s can instantly drop the protocol’s worth by 50%, making it impossible to unwind investments.
- Laundering Volatility: Chain-hopping of assets causes sudden increases in the prices of small tokens.
Long-term Investors
- Institutional Risk: Centralised exchanges are now the major targets for hackers; therefore, cold storage might become the best option.
- Regulatory backlash: Constant stealing can provide governments with necessary “fuel” for making restrictive legislative decisions in order to protect national interests.
Advantages, Key Risks and Catalysts to Watch
Advantages
- Sanction evasion: Crypto provides a revenue stream that bypasses the traditional payment system and the US dollar.
- The “Chinese Laundromat”: DPRK actors use sophisticated laundering services provided by Chinese Over-the-Counter (OTC) brokers, ensuring anonymity of hackers outside the blockchain system.
- Low Risk, High Reward: Unlike bank robberies, cybercrimes can be conducted safely from Pyongyang, without any risk of arrest.
Key Risks
- Wallet blacklisting: Hackers’ wallets might be identified and frozen, rendering all stolen money useless.
- Reputation risks: The continuous wave of theft can result in a massive exodus of retail users from exchanges, reducing the market capitalization.
- Advanced AI defences: Exchanges are beginning to employ AI systems capable of identifying fingerprints of North Korean hackers.
Catalysts to Watch
- New Security Standards: Look out for the adoption of the Level 4 standards of IT security in Asia.
- Huione group sanctions: US attempts to sanction the Cambodia-based Huione group can considerably slow down the laundering process.
- Protocol “Circuit breakers”: The implementation of mechanisms that prevent a total drain of the exchange vaults.
Outlook
Industrial hacking: North Korea has managed to turn cryptocurrency heists into an entire industry supported by the state government. The main problem lies in the fact that cryptocurrencies represent an easily accessible, liquid source of money, making them vulnerable targets for North Korean hackers. Therefore, investors must pay attention to the protection of their assets by using exchanges that employ hardware-secured keys and a tiered withdrawal process.
Written by Ansh Kapoor

