CertiK: North Korean Crypto Hackers Drove $2.1 Billion in Losses in 2025

13-May-2026 Crypto Economy

TL;DR:

  • According to CertiK, hackers linked to North Korea stole $2.06 billion in cryptocurrencies in 2025, accounting for 60% of all theft-related losses.
  • Since 2016, North Korean state-sponsored groups have stolen a cumulative $6.75 billion across 263 documented incidents.
  • In one of the most significant cases, 86% of the stolen funds were laundered in under a month through DEXs and cross-chain bridges.

Blockchain security firm CertiK published a new analysis revealing how hacker groups linked to North Korea have become the primary threat to the global crypto ecosystem. According to the report, these groups stole $2.06 billion in 2025, representing 60% of total theft-related losses recorded that year. The trend continues into 2026, with North Korean groups responsible for 55% of losses recorded since January.

The document was produced through CertiK’s Skynet platform. It traces the evolution of these groups from opportunistic attacks toward coordinated, long-term campaigns. Taylor Monahan, the report’s author, identifies social engineering as the dominant attack vector. The most illustrative case is the April 2026 Drift Protocol hack, in which North Korean regime operatives spent six months infiltrating the DeFi platform while posing as a quantitative trading firm before stealing approximately $285 million.

CertiK Describes the Infrastructure Behind Large-Scale Laundering

What sets these groups apart is not only their capacity to steal, but the speed and sophistication with which they make funds disappear. CertiK documented that in one of the analyzed cases, 86% of the stolen funds were laundered in under a month through decentralized exchanges and cross-chain bridges. Blockchain analytics firm TRM Labs described these operations as an “industrial-scale” threat that combines cyberattacks, illicit financial infrastructure, and overseas intermediaries.

CertiK researchers refer to this laundering network as the “Chinese Laundry,” a web that includes underground bankers, OTC brokers, and money transfer operators. The Bybit exploit in February 2025, in which $1.46 billion was extracted across just two transactions, remains the most extreme case: more than $1 billion of those funds were laundered through the same cross-chain infrastructure detailed in the report.

Prevention Measures

In response to this landscape, U.S. authorities have intensified legal action. The Department of Justice filed a civil forfeiture complaint in June 2025 for $7.7 million in cryptocurrencies linked to laundering networks operated by North Korean IT workers.

Court documents revealed that a wallet controlled by Sim Hyon Sop, a representative of North Korea’s Foreign Trade Bank, received more than $24 million between August 2021 and March 2023. CertiK, for its part, recommends that companies implement identity verification through video interviews, zero-trust hiring policies, and technical reinforcement of active bridges and wallets.
