State-Backed Cyber Operations Target Exchanges and Protocols to Fund Sanctioned Regime
Cryptocurrency-related cybercrime linked to North Korea escalated sharply in 2025, marking the most severe year on record for digital asset theft and laundering. State-sponsored hacking groups intensified attacks on exchanges, custodians, and service providers as the regime continued to seek alternative funding channels under strict international sanctions.
Blockchain analysis indicates that North Korea–affiliated hackers stole more than $2.17 billion in cryptocurrency during the first half of 2025 alone, exceeding the total amount stolen across all of 2024. The most significant incident occurred in February, when attackers drained nearly $1.5 billion worth of Ethereum from Bybit, the largest single crypto theft in history.
Additional breaches followed throughout the year, including a $37 million hack of a South Korean exchange, reinforcing concerns over the region’s exposure to targeted cyber operations.
North Korean-linked groups have expanded their tactics to include supply-chain attacks, third-party service exploitation, and infiltration of technology firms using false identities. Once funds are stolen, they are rapidly funneled through mixing services, decentralized exchanges, cross-chain bridges, token swaps, and over-the-counter brokers.
The simultaneous, high-speed use of multiple laundering channels has become a defining trait of these operations.
Advances in artificial intelligence are expected to further enhance these tactics, enabling more convincing impersonation and automated laundering workflows. Experts warn that sanctions alone are insufficient, calling for stronger coordination between exchanges, blockchain analytics firms, and law enforcement.
Recommended countermeasures include enhanced due diligence, stricter identity verification, IP monitoring, and controlled access to crypto-based payments. While cybercrime may never be fully eliminated, rapid intelligence sharing and coordinated response frameworks are seen as critical in reducing the effectiveness of future attacks.

