More than $3.4 billion in cryptocurrency was stolen over the past year, with North Korea-linked hackers accounting for nearly $2 billion of that total. The figures highlight a clear shift in crypto crime dynamics, where attackers are executing fewer operations but targeting far larger payouts.
North Korea Drives Record Crypto Losses
Blockchain analytics firm Chainalysis estimates that North Korean actors stole approximately $2.02 billion in crypto, marking a 51% increase compared to the previous year. This surge has pushed cumulative losses attributed to the country to nearly $6.75 billion.
Although the overall number of attacks declined, the financial impact rose sharply due to a small number of high-value breaches. One incident alone-the February 2025 hack of Bybit-resulted in losses of around $1.5 billion, significantly skewing annual totals.
Service providers bore the brunt of these losses, as centralised platforms experienced rare but devastating private-key compromises that drained funds within minutes. By early December, industry-wide crypto losses had already surpassed $3.4 billion, with North Korea-linked groups responsible for the majority of the damage.
Bigger Hacks, Fewer Incidents
Data shows an expanding gap between typical hacks and extreme outliers. Last year, the largest single breach exceeded the median loss by more than 1,000 times-an unprecedented divergence.
Chainalysis reports that just three attacks were responsible for 69% of total service-provider losses. While smaller incidents continue to occur, their financial impact has become marginal compared to these major breaches. Since 2022, North Korea-linked thefts have consistently clustered at the highest value ranges, whereas other criminal groups tend to execute a broader mix of smaller attacks.
Distinct Laundering Behaviour
North Korean hackers also display unique laundering strategies. Rather than moving funds in large blocks, they typically split transfers into amounts below $500,000, a tactic that contrasts with other groups and helps analysts identify behavioral patterns.
Cross-chain bridges have played a key role in these operations, with platforms such as Celer and Stargate frequently used to shift assets between networks. Notably, these actors interact less with decentralised exchanges, lending protocols, and peer-to-peer platforms than other cybercriminals.
Retail Wallet Thefts Rise
While state-linked hacks dominate headlines, individual users remain highly exposed. Wallet compromise incidents climbed to roughly 158,000-nearly triple the levels seen in 2022. The number of unique victims rose to at least 80,000, driven partly by broader crypto adoption.
Despite the higher victim count, total losses from personal wallet theft fell to $713 million, down from $1.5 billion the previous year. This suggests attackers are targeting more users but extracting smaller amounts per victim.
Solana recorded the highest number of affected users, while Ethereum and Tron showed the highest theft rates relative to active wallets.
A Changing Threat Landscape
This year’s data points to a more calculated approach to crypto crime. Hackers are demonstrating greater patience, coordination, and selectivity-executing fewer attacks but achieving record-breaking losses when they strike.
Crypto crime has not faded. It has evolved. Understanding these shifting patterns may be critical to preventing the next wave of large-scale breaches.
Disclaimer: BFM Times provides information strictly for educational purposes and does not offer financial advice. Readers are advised to consult a qualified financial professional before making any investment decisions.
