CertiK Report Analyzes Industrialization of Crypto Theft by North Korea-Linked Hackers and Record-High Damages in 2025

On May 13, 2026, blockchain security firm CertiK released a shocking report stating that North Korea-linked hackers 'industrialized' their cryptocurrency theft methods, stealing approximately $2.06 billion in 2025 alone. This figure represents about 60% of the $3.4 billion in total global cryptocurrency losses for 2025, suggesting that North Korea has completely dominated the digital asset threat landscape.

According to CertiK's analysis, these activities by North Korea have evolved beyond simple opportunistic phishing attacks into sophisticated, state-sponsored corporate-style crimes. 2025 was recorded as the year with the greatest damage in the history of cryptocurrency security, with North Korea-linked organizations increasing the intensity of their attacks and even breaking the previous record set in 2022.

The scale of the security crisis in 2025 is sounding a serious alarm for the entire cryptocurrency market. North Korea-linked hackers are threatening market stability by monopolizing more than half of the global hacking losses, signifying that state-led cyber warfare has fully expanded into the financial realm.

North Korea-linked hackers are no longer just attackers; they have transformed into massive industrial entities leading the global cryptocurrency crime market. Their methods are becoming more sophisticated by the day, and the speed of laundering has reached unprecedented levels.

The evolution of hacking tactics is clearly evident in the 'industrialized' penetration methods. North Korean hackers are directly targeting developers by distributing cloned packages with malicious backdoors in open-source software repositories such as GitHub and PyPI. CertiK reported that more than 230 malicious packages have been identified from September 2024 to the present.

Expansion of Physical Infiltration and Corporate Targeting

Recently, North Korean hackers have moved beyond online attacks to actively utilize physical infiltration and social engineering techniques targeting mid-to-large-sized companies. They are taking bold steps beyond the scope of traditional cyberattacks, such as disguising their identities or exploiting physical security loopholes to access internal corporate systems.

• Supply chain attacks through the insertion of malicious backdoors in open-source software
• Physical and social engineering infiltration attempts targeting mid-to-large cryptocurrency companies
• Large-scale distribution of malicious code through developer communities like GitHub and PyPI
• Operation of large-scale laundering infrastructure for the rapid concealment of stolen funds

Stolen funds are quickly concealed through large-scale money laundering infrastructure. CertiK analyzed that North Korean hackers use decentralized exchanges (DEXs) and cross-chain bridges to disperse stolen funds at a very high speed. In one major case, it was confirmed that 86% of the stolen funds were laundered within just 24 hours, making them untraceable.

The record-breaking damages in 2025 were largely driven by a few massive incidents. In particular, the hacking incident at the Bybit exchange recorded a loss of approximately $1.46 billion in a single event, accounting for a significant portion of the total damages for that year. Concentrated attacks targeting such large exchanges and platforms have become a primary strategy for North Korean hackers.

A Decade of Digital Pillage and the Continuing Threat in 2026

It is estimated that North Korea has stolen a total of $6.75 billion in cryptocurrency from 2016 to the present. An analysis of activities over the past decade shows that the rate of theft has accelerated exponentially in recent years, supporting the view that North Korea is using cryptocurrency theft as a key means of generating national revenue.

This trend continues unabated in 2026. As of May 2026, North Korea-linked activities account for approximately 55% of the total global cryptocurrency losses incurred so far this year. This is an indicator that North Korea is still efficiently operating the 'industrial' attack system it established in 2025.

Market Reaction and Regulatory Response Status

Even as security threats escalate, the cryptocurrency market is responding through regulatory overhauls and technical improvements. In the United States, the 'Clarity Act,' aimed at ensuring clarity in cryptocurrency regulation, is making progress in Congress, and such institutional developments are contributing to restoring market confidence. As of May 14, 2026, the price of Bitcoin remained strong, surpassing $82,000.

Moves by exchanges to strengthen security are also taking shape. Following the recent $292 million exploit of Kelp DAO, Kraken decided to migrate its wrapped Bitcoin technology to Chainlink to improve security vulnerabilities. This represents a shift in the industry toward adopting proven technical infrastructure to protect assets from external attacks.