Hackers from the DPRK laundered $1,5 billion in a year
The funds were stolen from centralized crypto exchanges
19.06.2025 - 13:50
471
3 min
0
What’s new? Hackers linked to the North Korean government stole nearly $2 billion from centralized crypto exchanges (CEXs) over the past year. Despite opposition from legitimate market participants, such as freezing stolen assets, hackers have successfully laundered over $1,5 billion.
What else is known? Researcher Tay Monahan attributes a significant portion of these funds, about $1,8 billion, to a series of major CEX hacks such as Bybit, DMM Bitcoin, WazirX, Phemex, and BingX.
Safe cryptocurrency storage in 2025: a complete guide for the beginner
We tell you how to store bitcoin and ether properly, how to protect your wallet, and not to make mistakes that can lead to loss of funds
“Even if we optimistically say they lost 15% to freezes and fees and brokers that’s still over $1,5 billion dollars to the authoritarian regime of a nation with a total GDP <$30 billion,” Monahan noted.
A recent TRM Labs investigation found that hackers used underground Chinese banking networks to move funds across borders. These informal channels helped them circumvent global sanctions and reduce the risk of detection.
BitoPro has confirmed an $11,5 million hack due to pressure from the crypto community
Hackers laundered assets using Tornado Cash, Thorchain, and Wasabi mixers
To cover their tracks, hackers moved stolen assets through a complex chain of transactions, often using decentralized exchanges (DEX), cross-chain protocols, and cryptocurrency mixers.
In the final stage, assets are sent through over-the-counter (OTC) brokers, allowing North Korea to extract fiat currency with minimal oversight from global regulators.
US Justice Department has filed a lawsuit to seize the proceeds of blockchain developers from the DPRK
In question is the amount of $7,74 million frozen as a result of the 2023 investigation
An anonymous researcher under the nickname ZachXBT described this surge in coordinated thefts as part of a broader “crime supercycle” in the digital asset industry:
“While it’s true the industry has historically been ripe for abuse it has noticeably increased since politicians launched meme coins and numerous court cases were dropped further enabling the behavior.”
Useful material?
Telegram 
Twitter Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Cryptocurrency rates
-
Bitcoin
$59 648
BTC
-0.51%
-
Ethereum
$2 551.16
ETH
+3.56%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Ripple
$1.04
XRP
-0.55%
-
TRON
$0.160134
TRX
-1.59%
-
Dogecoin
$0.072368
DOGE
-2%
-
Zcash
$375.87
ZEC
-4.99%
-
Stellar XLM
$0.172054
XLM
-0.12%
-
Cardano
$0.143588
ADA
-0.84%
-
Polkadot
$3.32
DOT
+5.27%