The total amount of losses in the reporting period amounted to a record $2,1 billion

DPRK hackers stole $1,6 billion worth of cryptocurrencies in 2025

27.06.2025 - 16:15

573

3 min

What’s new? Crypto investors lost more than $2,1 billion due to hacks and exploits of trading platforms in the first half of the year, the worst result in the industry’s history. In terms of total damage, the 75 reported incidents exceeded the previous high of the first half of 2022 by 10% and nearly equaled the total for the entire year 2024, according to the TRM Labs report.

TRM Labs report

What else is known? Researchers say North Korea-linked hacker groups are responsible for $1,6 billion in cryptocurrency theft, accounting for 70% of the total loss since the beginning of the year.

The largest incident not only this year, but also in the entire history of the crypto industry was the February hack of the centralized crypto exchange Bybit by Beng Zhou for $1,5 billion, which is attributed to hackers from North Korea.

Hackers from the DPRK laundered $1,5 billion in a year

Hackers from the DPRK laundered $1,5 billion in a year

The funds were stolen from centralized crypto exchanges

Read more

However, crypto projects are threatened not only by the DPRK authorities. On June 18, the pro-Israeli group Gonjeshke Darande stole $90 million from Iranian exchange Nobitex, presumably in retaliation for the platform’s help in evading sanctions.

The stolen funds were sent to addresses with no opportunity to spend the funds, effectively burning them, which speaks in favor of a political motive rather than a desire to make a profit.

US Justice Department has filed a lawsuit to seize the proceeds of blockchain developers from the DPRK

US Justice Department has filed a lawsuit to seize the proceeds of blockchain developers from the DPRK

In question is the amount of $7,74 million frozen as a result of the 2023 investigation

Read more

The report’s authors also write that more than 80% of the stolen funds came from infrastructure-level breaches, including private key theft and interface hacks.

These attacks, which often involve social engineering or insider access, are proving to be ten times more lucrative than traditional smart contract exploits.

The share of damage from DeFi protocol exploits, including instant loans and re-entry attacks that were prevalent between 2021 and 2022, accounted for only 12% of the total.

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy