London / Seoul: North Korea has executed what is being described as the largest digital theft in the history of the cryptocurrency industry, cementing its position as the world’s most prolific state-backed cyber threat actor. According to blockchain intelligence firm Chainalysis, North Korean hackers stole more than ₹1.66 lakh crore worth of cryptocurrency in 2025 alone, marking a record-breaking year for cyber-enabled financial crime.
The findings are part of Chainalysis’ forthcoming 2026 Crypto Crime Report, which shows that Pyongyang’s cumulative crypto theft over the past decade has now exceeded ₹5.56 lakh crore. Analysts say the scale and persistence of these operations pose a direct challenge to the integrity of the global financial system.
Bybit Attack: The Largest Crypto Heist on Record
A substantial portion of the 2025 losses stemmed from a single, unprecedented attack. The report confirms that a cyber assault on the cryptocurrency exchange Bybit resulted in the theft of approximately ₹1.25 lakh crore in digital assets, making it the largest cryptocurrency heist ever recorded worldwide.
Between January and early December 2025, North Korean-linked actors accounted for around 60% of all cryptocurrency funds stolen globally. Even more striking, they were responsible for 76% of all service-level compromises across the crypto ecosystem during this period, underlining their dominance in high-impact attacks.
IT Worker Infiltration Emerges as a Key Tactic
Chainalysis highlights a strategic shift in North Korea’s cyber operations. Rather than relying solely on conventional hacking techniques, threat actors are increasingly deploying covert IT workers inside crypto exchanges, custodial platforms and Web3 firms.
These operatives secure legitimate employment, gain privileged system access and quietly enable large-scale thefts from within. Cybersecurity experts believe this tactic played a decisive role in making 2025 a record-setting year for North Korea’s crypto theft operations.
China-Linked Networks and Sophisticated Laundering Methods
Once stolen, the funds are laundered through a complex web of services. According to the report, North Korean hackers show a strong preference for Chinese-language platforms and networks, alongside the use of cross-chain bridges, mixing services, and specialist entities such as Huione.
These techniques significantly complicate asset tracing and recovery. The conclusions align closely with recent assessments by London-based blockchain analytics firm Elliptic, which has also identified North Korea as the most influential actor in global crypto crime.
Rising Threat to Individual Investors
The report also points to a sharp increase in attacks targeting individual users. In 2025, personal wallet compromises surged dramatically:
- The number of recorded theft incidents tripled compared to 2022, reaching 1.58 lakh cases
- The number of unique victims doubled from 40,000 to 80,000
Despite this, the total value stolen from individual investors fell to approximately ₹5,900 crore, down from a peak of ₹12,450 crore in 2024. Analysts say this indicates a shift toward mass targeting with smaller per-victim losses.
Most Affected Blockchain Networks
Chainalysis data shows that Ethereum and Tron experienced the highest rates of theft, while Solana and Base recorded comparatively fewer incidents, despite large user bases.
The firm notes that victimisation rates are influenced not only by technology, but also by user demographics, popular applications and the maturity of criminal infrastructure operating on each network.
A Serious Warning for Global Security
Security experts warn that North Korea’s expanding crypto theft operations extend far beyond financial crime. The stolen funds are believed to help circumvent international sanctions, while potentially financing weapons development, cyber warfare capabilities and strategic state programmes.
The 2025 findings serve as a stark warning. Without stronger global coordination on crypto regulation, security enforcement and intelligence sharing, analysts caution that digital asset theft could escalate further, posing long-term risks to both international finance and geopolitical stability.
