North Korea-linked hacks net $2.02B in 2025 as $1.5B Bybit breach drives surge
Chainalysis reports North Korea–linked groups stole at least $2.02 billion in cryptocurrency in 2025, driven primarily by a February Bybit breach that accounted for about $1.5 billion. DPRK-affiliated actors made up roughly 76% of service-level crypto theft value for 2025 and have cumulatively taken an estimated $6.75 billion over multiple years.
Attackers shifted from high-frequency, low-value exploits to large, targeted intrusions using insider access, executive impersonation, contractor compromises and upstream vendor access to maximize single-event hauls. Chainalysis and the FBI identified disciplined 45-day laundering cycles that rely on many small transfers (commonly under $500,000), Chinese-language OTC brokers and payment processors, guarantee services, cross-chain bridges, mixers and exchanges with weak KYC.
Retail impact remained significant: Chainalysis recorded about 158,000 theft incidents affecting roughly 80,000 personal wallets in 2025, totaling approximately $713 million (down from $1.5 billion in 2024) as attackers concentrated on large service breaches.
For traders, the report highlights elevated systemic risk from state-linked, high-value exchange hacks, persistent laundering channels that complicate recovery and enforcement, and increased pressure on exchange security and compliance. Recommended trader actions include tightening counterparty due diligence, favoring exchanges with strong custody and KYC controls, monitoring addresses tied to reported incidents, and preparing liquidity contingency plans for exchange outages or confidence shocks.
Bearish
Large, state-linked exchange breaches like the $1.5B Bybit theft raise immediate downside pressure on market confidence. Short-term, affected platforms’ native tokens (if any) and liquidity on centralized exchanges may see sell pressure as users withdraw funds and move assets to safer custody. Broader market sentiment can weaken if traders fear contagion or regulatory crackdowns; laundering channels remaining active also increase perceived counterparty risk. Over the medium term the impact is mixed: exchanges that shore up custody, KYC and anomaly detection could regain confidence, while persistent large heists keep risk premia elevated and may reduce institutional appetite. Because the news centers on exchange-level thefts rather than a protocol exploit of a specific token, the price impact is likely negative for exchange-related assets and may raise volatility across spot markets until confidence is restored.