North Korea's Crypto Thefts: $2.8 Billion for Military Equipment!

North Korea's Crypto Thefts: $2.8 Billion for Military Equipment!

North Korea has stolen at least $2.8 billion in cryptocurrencies over the past two years through sophisticated cyberattacks on crypto exchanges and custodians. These funds are used crucially to finance the North Korean military. The state-backed hacking groups, including the well-known groups Lazarus and Kimsuky, use various methods to achieve their goals. According to a report from the Multilateral Sanctions Monitoring Team dated October 22, 2025, the stolen cryptocurrencies account for almost a third of North Korea's total foreign exchange earnings, highlighting the urgency of international attention to the situation.

The attacks are primarily carried out using sophisticated techniques, such as supply chain and social engineering attacks. One notable incident was the attack on the Bybit crypto exchange in February 2025, which alone accounted for around half of the total amount of stolen funds. This methodology demonstrates not only the technical capabilities of North Korean hackers, but also their targeted approach, as they often attack third-party digital asset storage providers. An example of this is the DMM Bitcoin incident, which resulted in a loss of $308 million.

The actors in North Korean cyberspace

In addition to Lazarus and Kimsuky, the main players in North Korean cybercrime also include TraderTraitor and Andariel. These groups have been involved in almost every significant digital asset breach in the last two years. The groups operate under the Reconnaissance General Bureau, North Korea's main intelligence agency. TraderTraitor uses platforms like LinkedIn to spread threats; One example is the targeted attack on a Ginco employee.

Another example of the variety of attacks is the Citrine Sleet collective, which specializes in less complex social engineering attacks. In October 2024, an actor from this group carried out a theft of $50 million. These different tactics demonstrate how flexible and adaptable North Korean hacking groups are to achieve their goals and adapt to new security measures.

The money laundering process

Once stolen, the stolen digital assets go through a complex money laundering process to conceal their origins. North Korean cyber actors often exchange the tokens for established cryptocurrencies such as Bitcoin or Ethereum. They use mixed services such as Tornado Cash and Wasabi Wallet as well as cross-chain bridges. The money laundering is largely organized through a network of OTC brokers in China, whereby the funds are ultimately deposited into North Korean-controlled bank accounts.

These illegal activities not only fund the military, but also North Korea's weapons of mass destruction and ballistic missile programs. Against this backdrop, the crypto industry is increasingly seen as an unregulated and unwilling supporter of North Korea's military ambitions, posing serious challenges to the global community.

Overall, the issue highlights the growing importance of crypto security and the need for international efforts to combat such criminal activities.

For more information on this topic, see also Crypto News.