North Korea (DPRK) state-affiliated hackers and threat actors were responsible for more than $2 billion in crypto losses in 2025, a 51% year-over-year increase, despite fewer attacks carried out by the group, according to cybersecurity company CrowdStrike.

DPRK hackers represent the “largest” threat group targeting cryptocurrency users, as measured by the dollar amount of assets stolen, according to the company’s 2026 Financial Services Threat Landscape report. Crowdstrike added:

The DPRK hackers and scammers focused on targeting Web3 projects and cryptocurrency exchanges because the stolen funds could be “cashed out” and transferred with a greater degree of anonymity than in the traditional financial system, CrowdStrike said.

The countries most targeted by DPRK hackers. Source: CrowdStrike

The report highlights the growing threat of state-affiliated hacking groups targeting cryptocurrency users and industry companies through cybersecurity threats and social engineering scamsdesigned to steal funds and sensitive information.

Related: US sentences ‘laptop farmers’ tied to North Korean IT worker scheme

North Korean hackers infiltrate crypto projects online and offline

In April, the Ethereum Foundation, the organization that oversees development of the Ethereum ecosystem, identified 100 DPRK-backed hackersand threat actors who infiltrated crypto projects. 

Typically, these threat actors are remote hires; however, in April 2025, the Drift Protocol decentralized crypto exchange was infiltrated and compromisedby DPRK-affiliated technology workers, who met with the Drift Protocol development team.

The Drift Protocol team saidthat they met the threat actors during a “major” cryptocurrency industry conference and built a working relationship with them over six months.

Source: Drift Protocol

During the collaboration, the hackers deployed malware, which compromised Drift Protocol developer machines and caused $280 million in losses. 

“It is important to note that the individuals who appeared in person were not North Korean nationals,” the Drift team said, adding, “DPRK threat actors operating at this level are known to deploy third-party intermediaries to conduct face-to-face relationship-building.”

During that same month, Onchain sleuth ZachXBT also documented a group of North Korean information technology (IT) workers who were making $1 million per monthworking at technology companies.

Magazine: North Korea denies crypto hacks, Upbit’s bank tests Ripple: Asia Express

Source: https://cointelegraph.com/news/losses-dprk-hacks-2025-rose-51-year-over-year?utm_source=rss_feed&utm_medium=feed&utm_campaign=rss_partner_inbound

This detailed match analysis covers key moments, player performances, and tactical insights.