North Korea hackers’ crypto losses jump 51% in 2025 as they target exchanges
CrowdStrike says DPRK (North Korea)-affiliated hackers caused more than $2B in crypto losses in 2025, up 51% YoY. The key shift: North Korea hackers ran fewer campaigns but focused on higher-value targets, especially Web3 projects and cryptocurrency exchanges.
The report links the proceeds to regime military funding and frames DPRK-linked activity as the largest crypto threat by dollars stolen. It highlights why losses are rising: funds can be cashed out with greater anonymity, and attackers can exploit weaknesses across smart contracts, private-key handling, and cross-chain bridge or related protocols.
The latest updates add concrete intrusion cases. In April, the Ethereum Foundation identified 100 DPRK-backed attackers infiltrating crypto projects. Drift Protocol also reported DPRK-affiliated intrusions into its development environment after a conference meeting, leading to malware deployment and $280M losses (with in-person contacts not necessarily DPRK nationals and potential use of third-party intermediaries). Onchain investigator ZachXBT separately documented North Korean IT workers reportedly earning around $1M per month.
For traders, the headline matters even if attack volume declines: elevated exchange and Web3 counterparty risk can widen tail risk, affect token liquidity, and raise expectations for faster incident response and on-chain monitoring.
Bearish
This is negative for crypto price action because it reinforces higher operational and counterparty risk for exchanges and major Web3 ecosystems. Even with fewer campaigns, DPRK-linked actors are achieving larger payouts (tail risk rises). In the short term, traders may price in potential security incidents, wider spreads, and liquidity concerns for exchange and Web3 tokens. In the long term, repeated high-dollar thefts can increase regulatory scrutiny and raise compliance/incident-response costs, which can cap risk appetite and weigh on sentiment.