North Korea-Linked Hackers Took $643 Million in Crypto Thefts
Hackers tied to North Korea stole $643 million in cryptocurrency, making up roughly two-thirds of all crypto stolen globally, per Korea JoongAng Daily reporting.

North Korea-Linked Hackers Dominate Global Crypto Theft
Hackers with ties to North Korea stole $643 million in cryptocurrency, a figure that accounts for approximately two-thirds of all crypto theft recorded globally during the period, according to reporting by Korea JoongAng Daily. The numbers put Pyongyang-linked groups in a class of their own when it comes to state-sponsored digital theft, dwarfing independent criminal operations by a wide margin.
The scale is striking. Two out of every three dollars stolen from crypto markets across the entire world traced back to a single nation-state actor. For an industry already wrestling with security concerns, that concentration of losses in one threat actor represents a serious structural problem.
How the Theft Numbers Break Down
The $643 million figure covers North Korea-linked operations specifically, set against a broader global total that the Korea JoongAng Daily report places the regime's share at roughly 66 percent. The remainder of global crypto thefts - from unrelated criminal groups, individual hackers, and other state actors - accounts for the final third.
North Korean hacking units have long been identified by cybersecurity researchers and government agencies as prolific actors in the crypto space. Groups operating under Pyongyang's direction have targeted cryptocurrency exchanges, decentralized finance protocols, and individual wallets, often laundering proceeds through mixers and cross-chain bridges to obscure the trail.
Sanctions limit North Korea's access to the international financial system, and stolen crypto has been widely assessed by analysts and government bodies as a significant revenue source for the regime, funding weapons programs and other state priorities.
Why Crypto Remains a Primary Target
Cryptocurrency's architecture creates specific vulnerabilities that nation-state hackers have proven skilled at exploiting. Smart contract bugs, phishing campaigns targeting exchange employees, and supply-chain attacks on wallet software have all been used in past incidents linked to North Korean groups.
Unlike traditional bank heists, crypto theft can move across borders instantly and, with enough laundering steps, become difficult to recover. Blockchain analytics firms have improved their ability to trace stolen funds, and several exchanges now freeze assets flagged as linked to known hacks - but recovery rates remain low once funds reach certain mixing services.
The sheer proportion of global theft attributed to North Korea-linked hackers in this reporting underscores how organized and well-resourced these operations have become. Individual cybercriminal groups typically lack both the technical depth and the operational security that state-backed units bring to bear.
What This Means for the Crypto Industry
For exchanges, DeFi platforms, and institutional investors, the data is a reminder that geopolitical risk is embedded in crypto markets in a direct, financial way. A regime cut off from traditional banking has effectively built a parallel revenue stream through digital asset theft.
Regulators in the United States, South Korea, and other jurisdictions have increasingly flagged North Korean cyber activity as a national security concern, not just a financial crime problem. Coordination between blockchain analytics companies and law enforcement has led to some asset freezes, but the volume of successful theft suggests the deterrent effect remains limited.
Korea JoongAng Daily's reporting adds fresh context to an ongoing story about how cryptocurrency's growth has created both opportunity and serious risk at the intersection of finance and geopolitics.
Crypto & Markets Analyst
Jordan breaks down crypto markets and digital assets for everyday readers.










