What Is Chainalysis' 2025 Report on North Korean Crypto Hacks? DPRK-Linked Theft Hits $2 Billion – Up 51% YoY

According to blockchain analytics firm Chainalysis’ latest report released on December 19, 2025, hackers linked to North Korea stole approximately $2 billion in cryptocurrency assets throughout 2025—a 51% increase from 2024 levels.

This brings the cumulative total attributed to DPRK actors since tracking began to around $6.75 billion. The attacks primarily targeted centralized services with fewer but larger-scale breaches, accounting for the bulk of losses. Notably, the Bybit exchange suffered an estimated $1.4 billion theft, representing a significant portion of the year’s total. DPRK-affiliated groups were responsible for 76% of all centralized service attacks in 2025. For those tracking crypto hacks 2025, North Korea cyber threats, or blockchain security trends, this data underscores the evolving sophistication and scale of state-sponsored cryptocurrency theft.

Key Findings from Chainalysis’ 2025 DPRK Hacking Report

The report highlights shifts in attack patterns and laundering techniques:

• 2025 Theft Volume: ~$2 billion (+51% YoY).
• Cumulative Total: ~$6.75 billion.
• Primary Targets: Centralized services (fewer incidents, higher value).
• Largest Incident: Bybit hack (~$1.4B).
• DPRK Share: 76% of centralized service attack value.

Individual wallet compromises declined to ~$713 million (20% of total, down from 44%), though incident count rose to 158,000 cases.

How DPRK Hackers Launder Stolen Crypto in 2025

Chainalysis detailed refined laundering methods:

• Small-Batch Splitting: Funds divided into minor amounts early.
• Cross-Chain Bridging: Rapid movement across networks.
• Early Mixer Use: Conversion via mixing services shortly after theft.
• OTC Channels: Frequent use of Chinese-margin services and over-the-counter desks.
• Cash-Out Cycle: Typical timeline ~45 days from theft to fiat.

These tactics complicate tracing while enabling gradual off-ramping.

Why Centralized Services Remain Prime Targets

Despite DeFi growth, centralized platforms continue to hold large hot wallets, making them attractive for high-value, low-frequency attacks:

• Efficiency: Fewer breaches yield massive returns.
• Impact: Single incidents like Bybit dominate annual totals.
• Contrast with Retail: Personal wallet thefts more numerous but lower value.

The 76% DPRK dominance in service attacks reflects specialized capabilities.

Broader Implications for Crypto Security in 2026

The $2 billion 2025 figure—part of $6.75B cumulative—highlights persistent state-sponsored threats:

• Industry Response: Exchanges enhancing cold storage, multi-sig, and insurance.
• Regulatory Pressure: Increased scrutiny on OTC and bridging services.
• Geopolitical Context: Funds reportedly support DPRK programs amid sanctions.
• Prevention Focus: Better KYC, real-time monitoring, and cross-chain tracing.

While total hack volumes vary yearly, DPRK consistency remains a top concern.

In summary, Chainalysis’ December 19, 2025, report details ~$2 billion in 2025 cryptocurrency thefts by North Korea-linked hackers (+51% YoY), pushing cumulative losses to $6.75 billion—with centralized services like Bybit bearing the brunt. Refined laundering via splitting, bridging, and OTC channels complicates recovery. As threats evolve, the data urges stronger security across exchanges and DeFi. Monitor Chainalysis updates and on-chain analytics for ongoing developments in cryptocurrency hacking trends.