CertiK Report: North Korean Hackers Dominate Crypto Theft, $6.75 Billion Stolen Since 2016

North Korean Cybercrime in Cryptocurrency

A recent report by CertiK, a blockchain security company, reveals a staggering $6.75 billion in cryptocurrency theft attributed to North Korean hackers since 2016, involving 263 separate incidents. This state-backed cybercriminal activity has emerged as the preeminent threat in the decentralized finance (DeFi) sector. According to the firm’s Skynet analysis, North Korea-linked groups escalated from being opportunistic criminals to dominating the crypto crime landscape, accounting for a striking 60% of total theft losses in 2025, which amounted to $2.06 billion.

Current Trends and Notable Incidents

This trend continues into 2026, where North Korean actors have been responsible for approximately 55% of the global losses in crypto assets so far this year. Taylor Monahan, an author of the report, emphasized that social engineering tactics remain the leading method of attack. A notable incident highlighted was the $285 million breach of the Drift Protocol in April 2026, where North Korean operatives impersonated a quantitative trading firm to infiltrate the DeFi platform over half a year.

Efficiency of Asset Laundering

One alarming detail from the report is the efficiency with which stolen assets vanish, facilitated by a vast laundering network. The hackers utilize decentralized exchanges and cross-chain bridges to quickly hide their tracks; in one instance, an impressive 86% of the hacked funds were laundered within a mere month. The analysis suggests that North Korea’s crypto theft activities have transformed into an essential financial lifeline for the regime, draining significant resources from the global crypto market while often evading law enforcement efforts.

Escalating Threats and Government Response

This assessment emerges against the backdrop of ongoing and relentless assaults by North Korean hackers on crypto systems. The Drift Protocol incident was the largest DeFi attack recorded in 2026, but it looks minor compared with the then-unprecedented theft from Bybit in February 2025, where $1.46 billion was extracted in just two transactions. Reportedly, over $1 billion of those stolen funds has been laundered using the same cross-chain techniques discussed in CertiK’s findings.

Experts have described North Korea’s operations as remarkably advanced, with TRM Labs branding the scenario as an “industrial-scale” threat, harnessing cyber capabilities, intelligence backing, and a well-established illicit financing framework, including collaborations with foreign entities. Researchers refer to the regime’s laundering operation as the “Chinese Laundromat,” which incorporates various underground banking systems, over-the-counter brokers, money transmitters, and trade-based laundering schemes.

In response, the U.S. government has heightened efforts to dismantle these operations through targeted asset seizures. A civil forfeiture complaint filed by the Department of Justice in June claimed $7.7 million in cryptocurrency linked to North Korean money laundering operations. Court documents revealed significant transactions, including a wallet owned by Sim Hyon Sop, a representative from North Korea’s sanctioned Foreign Trade Bank, which received over $24 million in cryptocurrency from August 2021 to March 2023.

Future Strategies for Security

As the threat evolves, security firms are quickly advancing their strategies to counter the sophisticated cross-chain laundering methods. CertiK advocates for enhanced ID verification processes, such as video interviews, stringent hiring practices, and reinforcing the defenses of DeFi infrastructures, including bridges and hot wallets.