Crypto Hacks and Theft Led To $3.4 Billion Losses Led By North Korean Hackers

The crypto market has faced another year of consistent hacks and theft from threat actors, leading to an increase in stolen funds. According to data from Chainalysis, more than $3.4 million was lost to hacks and thefts in 2025, with the Democratic People’s Republic of Korea (DPRK) being the biggest primary threat actor.

$3.4 Billion Lost To Hacks and Theft in 2025

As 2025 draws to a close, the cryptocurrency industry is facing a grim reality: more than $3.4 billion has been lost to hackers and scammers so far this year. Although the overall count of individual hacks has slightly decreased over the past years, the magnitude and intensity of the attacks have reached an all-time high.

Most hacks have been traced back to the Democratic People’s Republic of Korea (DPRK). Year-end reports released by blockchain intelligence providers such as Chainalysis and TRM Labs claimed that Lazarus Group and other North Korean state-sponsored actors caused a whopping 2.02 billion dollars of the total losses. 

This represents a 51% rise in the theft volume of them in 2025 compared to 2024, solidifying 2025 as the most profitable year in the history of the cyber-criminal activities of Pyongyang. The report notes that the all-time total crypto hacks traced back to DPRK now stands at $6.75 billion.

In 2025, the DPRK actors advanced their methods of money laundering in order to circumvent more advanced on-chain detection. There was a 45-day laundering cycle following major thefts.

They used chain hopping (viciously transferring money between blockchains via cross-chain bridges to disrupt the audit trail) and Over-The-Counter (OTC) trading desks in Southeast Asia and Chinese language money laundering networks.

The Shift: Fewer Hacks, Catastrophic Losses

The story of 2025 was characterized not by the number of attacks, but by their accuracy. Year-over-year, there were 162 fewer hacks, but the losses were more catastrophic. Over the past years, the industry has been marred by hundreds of smaller DeFi protocol exploits. 

This year, hackers returned their attention to high-value infrastructure targets and Centralized Finance (CeFi). The data show that the top three hacks in 2025 would have almost 70 percent of all stolen funds. The best illustration of this loss concentration can be seen in the largest single event of the year the $1.5 billion compromise of the Bybit exchange in February.

Although Bybit could absorb the losses and continue operating, the attack proved that even the best exchanges that have the highest level of security, i.e. institutional grade, can be affected by the advanced persistent threats (APTs) of nation-state actors. 

The Emergence of Individual Wallet Drains

Although the centralized exchanges were the ones that had to suffer the direct impact of the financial damage in terms of volume, individual users experienced a different form of terror in 2025. Almost 37 percent of the total amount stolen (excluding the Bybit outlier) in 2025 was from individual wallets. 

Advanced phishing kits, sold as “Wallet Drainers-as-a-Service” on the dark web, enabled low-tier offenders to steal millions from retail users. But even in this case, North Korean fingerprints were discovered. While the drop in DeFi hacks shows an improvement in security, the industry must pivot from purely defensive code audits to comprehensive operational security.