CertiK: North Korean hackers stole $6.75B from crypto projects
Attackers are using fake job offers, insider infiltration, and malware to steal crypto funds.
15.05.2026 - 10:45
Key points:
- CertiK says North Korean hackers remain one of the biggest threats to the global crypto industry.
- Since 2016, groups linked to North Korea have stolen around $6.75 billion through hundreds of attacks.
Blockchain security firm CertiK has released a new report titled Skynet DPRK Crypto Threat Report, warning that North Korean hacking groups are becoming more sophisticated and increasingly difficult to detect.
According to the report, attackers rely heavily on social engineering tactics, fake job offers, insider recruitment within crypto companies, malware deployment, and cross-chain money laundering schemes.
CertiK says North Korean cyber operations remain one of the most serious security threats facing the global crypto industry today.
Since 2016, hackers linked to North Korea have stolen an estimated $6.75 billion across 263 attacks. The real figure could be even higher, as many smaller incidents were never publicly reported.
In 2025 alone, North Korea-linked hackers stole approximately $2.06 billion in crypto assets. That accounted for nearly 60% of all crypto funds stolen during the year, despite being responsible for only 12% of reported security incidents.
The trend has continued into 2026. According to CertiK, North Korean groups are tied to roughly 55% of all crypto losses from attacks this year. One of the biggest incidents was the $291 million KelpDAO hack. Since January 2026, the industry has recorded 185 attacks with combined losses of around $1.1 billion.
Largest Hacks and Evolving Attack Tactics
The February 2025 Bybit breach remains the largest crypto theft in history, with attackers stealing $1.5 billion. Other major incidents highlighted in the report include the $625 million Ronin hack and the $285 million Drift exploit.
Following the Bybit attack, hackers converted more than 86% of the stolen Ethereum into Bitcoin in less than a month. To cover their tracks, they used mixers, blockchain bridges, decentralized exchanges, and OTC brokers.
The report also notes that most major attacks no longer begin with smart contract vulnerabilities, but with manipulation of employees. Hackers use fake recruiting campaigns, impersonate investors, and inject malicious code into company infrastructure.
In some cases, North Korean operatives reportedly joined DeFi projects under false identities, gaining access to internal systems and company funds.