North Korea relies on state-backed hacking groups like Lazarus to finance its military, with stolen crypto accounting for nearly a third of its foreign currency earnings and providing a steady, illicit cash flow immune to traditional sanctions.
Summary
- North Korea has stolen at least $2.8 billion in cryptocurrency since 2024, with the funds supplying nearly a third of its foreign currency earnings.
- State-backed hacker groups targeted exchanges and custody providers through advanced supply-chain and social-engineering attacks.
- The stolen assets are laundered through mixers, cross-chain bridges, and Chinese OTC brokers, converting crypto into fiat for use in weapons and missile programs.
In an Oct. 22 report, the Multilateral Sanctions Monitoring Team said that between January 2024 and September 2025 North Korean actors orchestrated cryptocurrency thefts totaling at least $2.8 billion, through state-backed hacking groups and cyber-actors targeting the digital-assets sector.
The bulk of the haul stemmed from major incidents, including the February 2025 exploit of Bybit, which alone accounted for roughly half of the total. The report attributes these exploits to familiar North-Korean threat actors using sophisticated supply-chain, social-engineering and wallet-compromise methods.
North Korea’s sophisticated arsenal of theft and evasion
North Korea’s crypto operations revolve around a tight ecosystem of state-linked hacker groups, chief among them Lazarus, Kimsuky, TraderTraitor and Andariel, whose fingerprints appear in nearly every major digital asset breach of the past two years.
According to cybersecurity analysts, these teams operate under the Reconnaissance General Bureau, Pyongyang’s primary intelligence arm, coordinating attacks that mimic private-sector efficiency. Their primary innovation ha
Go to Source to See Full Article
Author: Brian Danga
