Overview
- Chainalysis says DPRK-linked thieves took about $2.02 billion this year—roughly 59% of the $3.4 billion stolen globally—pushing North Korea’s cumulative haul to about $6.75 billion.
- The February Bybit hack accounted for roughly $1.4–$1.5 billion of the total, with U.S. authorities and the exchange’s CEO attributing the theft to North Korean-linked actors.
- Attackers prioritized rare, high-impact breaches of centralized services, with DPRK responsible for a record 76% of service-level compromises despite fewer overall incidents.
- Access methods evolved from simple exploits to embedding IT workers and running recruiter-style social engineering that secured privileged access; the DoJ also sentenced Maryland resident Minh Phuong Ngoc Vong to 15 months for aiding an IT-worker scheme.
- Stolen funds typically move through a structured, multi-wave path over about 45 days using Chinese-language guarantee services, OTC brokers, cross-chain bridges and mixers, while personal wallet compromises surged to about 158,000 incidents affecting roughly 80,000 victims even as losses to individuals fell to about $713 million.