Crypto Theft Impact Calculator
How Much Did North Korea Steal?
Between 2017-2025, North Korea stole over $3 billion in cryptocurrency - the equivalent of:
• $1.5 billion in single Bybit attack (Feb 2025)
• 30+ missile launches
• $120 million frozen in 2024 sanctions
• 61% of all crypto thefts despite only 20% of attacks
1M
3,000M
$3,000 million
Why This Matters
The article reveals these thefts directly fund weapons programs. North Korea uses stolen crypto to:
- Buy missile components
- Fund nuclear development
- Undermine international sanctions
Key Insight: 61% of all 2024 crypto thefts came from only 20% of attacks - proving North Korea's efficiency.
Between 2017 and 2025, North Korea’s state-backed hackers stole more than $3 billion in cryptocurrency - and that’s just what we know about. The real number is likely higher. These aren’t random criminals. They’re part of a military-grade cyberwarfare unit operating with one goal: bypass sanctions and fund weapons of mass destruction. Every dollar stolen from exchanges, wallets, and crypto firms ends up in Pyongyang’s nuclear program.
How They Do It: A Step-by-Step Breakdown
North Korean hackers don’t brute-force their way in. They don’t rely on zero-day exploits or fancy malware alone. Their real weapon is trust. Take the May 2024 attack on DMM, a Japanese crypto platform. It started with a LinkedIn message. A recruiter reached out to an employee at Ginco, a company that builds wallet software for exchanges. The message looked real - professional, detailed, even included a fake company profile. The target was asked to complete a "technical assessment" - a Python script hosted on GitHub. It looked harmless. It wasn’t. Once the script ran, it installed a backdoor. The hacker didn’t rush. They waited. For weeks, they watched. They studied how employees logged in, what systems they accessed, how approvals were handled. Then, in mid-May, they hijacked a live session cookie. That’s how they got into Ginco’s internal system - not by breaking in, but by pretending to be someone who already had access. From there, they manipulated a legitimate transaction request. A DMM employee asked to send funds. The hacker altered the destination wallet address. The transaction went through. $308 million in Bitcoin vanished. No alarms. No red flags. Just a quiet, perfect theft. This isn’t an exception. It’s the pattern. In 2023, the same group, known as TraderTraitor, hit Atomic Wallet, Alphapo, and CoinsPaid in a single month. In February 2025, another group - likely Lazarus - stole nearly $1.5 billion in Ether from Bybit, the biggest single crypto heist ever recorded. That’s more than all other crypto thefts combined in 2024.Why They’re So Successful
Most crypto hacks are messy. They’re done by amateurs looking for quick cash. North Korean teams are different. They’re patient. They’re well-funded. And they’re backed by a government that treats cybercrime like a national priority. They target the weakest link: people. Not software. Not protocols. People. They study LinkedIn profiles. They learn names, job titles, hobbies. They build fake identities. They send personalized messages. They wait months. They don’t need to hack the blockchain. They just need to trick one person into clicking a link. They also know how to move the money. After stealing crypto, they don’t cash out on Coinbase or Binance. They use decentralized exchanges, cross-chain bridges, and mixing services to split the funds across hundreds of wallets. Then they convert it to Bitcoin, Monero, or other privacy coins. By the time law enforcement traces it, the trail is cold. Chainalysis, the top blockchain analytics firm, says North Korea accounted for 61% of all crypto stolen in 2024 - even though they only carried out 20% of the attacks. That means they’re not just stealing more. They’re stealing smarter.Who’s Behind It
The U.S. FBI, Japan’s National Police Agency, and the UN Security Council all agree: these attacks are state-sponsored. The main groups are Lazarus, TraderTraitor, Jade Sleet, UNC4899, and Slow Pisces. These aren’t random hackers. They’re trained in North Korean cyber academies, likely under the Reconnaissance General Bureau - the country’s military intelligence agency. These teams operate like special forces. They train for years. They rehearse attacks in simulated environments. They have dedicated teams for social engineering, malware development, and money laundering. They don’t work for profit. They work for survival. With international sanctions choking off traditional revenue, crypto theft is now North Korea’s top foreign currency source. The U.S. Department of Defense has confirmed that stolen funds are used to buy raw materials for missiles, nuclear warheads, and advanced weaponry. In 2024, the UN estimated that North Korea’s cyber thefts funded over 30 missile launches. That’s not just theft. It’s a direct threat to global security.
What’s Changed Since 2023
In 2023, North Korea stole about $660 million in crypto. In 2024, that number jumped to $1.34 billion - a 103% increase. And in February 2025, they stole $1.5 billion in a single attack. The scale has changed. The speed has changed. The ambition has changed. Before 2024, most attacks targeted smaller exchanges or wallet services. Now they go after the biggest players: Bybit, DMM, Binance-affiliated platforms. They’re no longer scraping the bottom of the barrel. They’re going straight for the vaults. They’ve also gotten better at covering their tracks. In 2023, many thefts were traced back to known wallet clusters. In 2025, blockchain analysts say the laundering techniques are more sophisticated. They use private DeFi protocols, obscure cross-chain bridges, and even NFTs to move value without leaving a clear trail.Why Exchanges Keep Getting Hacked
Many crypto platforms still operate like they’re in 2018. They use single-signature wallets. They don’t enforce strict employee access controls. They don’t monitor internal communications for signs of compromise. After the Bybit heist, several exchanges rushed to add multi-signature wallets and hardware security modules. But that’s not enough. The real vulnerability isn’t the wallet - it’s the person who has access to it. Companies need to train employees like they’re in a war zone. That means regular phishing simulations. It means verifying every request for fund transfers with a second person. It means blocking access to personal email and GitHub from corporate devices. It means assuming someone is already inside your network - and acting like it. The truth is, no exchange is immune. Even the ones with the best tech can be brought down by a single employee who gets a convincing LinkedIn message.
What’s Being Done - and Why It’s Not Enough
The U.S. Treasury has sanctioned dozens of crypto wallets linked to North Korea. The FBI has issued public warnings. The UN has called for global cooperation. But sanctions don’t stop hackers. They just make them more creative. Blockchain analytics firms like Chainalysis and TRM Labs are getting better at tracking the money. But by the time they identify a stolen wallet, the funds have already been split, converted, and moved across 20 different chains. Recovery is nearly impossible. Some exchanges now require employees to use air-gapped devices and biometric logins. Others have started hiring former intelligence officers to run their security teams. But these are exceptions, not the norm. Most crypto firms still treat security as an afterthought - a cost center, not a defense line.What You Can Do
If you’re a regular crypto user, you’re probably safe. Most thefts target exchanges and businesses - not individual wallets. But if you work for a crypto company, or manage funds for one, here’s what you need to do:- Never click on links from unsolicited LinkedIn or email messages - even if they look real.
- Require two-person approval for every fund transfer.
- Use hardware wallets for cold storage - never keep large amounts on connected devices.
- Monitor your internal systems for unusual login times or locations.
- Train your team monthly on social engineering red flags.
The Bigger Picture
This isn’t just about money. It’s about power. North Korea has no natural resources, no global trade, no foreign investment. But it has hackers. And those hackers have turned digital theft into a strategic weapon. The $3 billion stolen since 2017 didn’t just disappear. It bought missiles. It bought uranium. It bought satellites that can target U.S. bases. Every time a crypto exchange gets hacked, the world gets a little less safe. The good news? We’re starting to see real consequences. In 2024, the U.S. froze $120 million in assets linked to Lazarus. Japan arrested two individuals tied to the Ginco attack. South Korea extradited a hacker who helped launder $80 million. But these are drops in the ocean. Until the world treats crypto theft by North Korea like the act of war it is - not just a financial crime - the attacks will keep coming. And they’ll keep getting bigger.How much has North Korea stolen in cryptocurrency?
Between 2017 and 2025, North Korean hackers have stolen at least $3 billion in cryptocurrency, with $1.5 billion stolen in a single attack on Bybit in February 2025. Total thefts reached $1.34 billion in 2024 alone - the highest annual amount ever recorded.
Who is behind the North Korean crypto hacks?
The attacks are carried out by state-sponsored hacking groups including Lazarus, TraderTraitor, Jade Sleet, UNC4899, and Slow Pisces. These teams are part of North Korea’s Reconnaissance General Bureau and operate like military units with dedicated roles in social engineering, malware, and money laundering.
How do North Korean hackers steal crypto?
They use sophisticated social engineering - often posing as recruiters on LinkedIn - to trick employees into installing malware. Once inside, they wait for weeks, observe internal systems, hijack active sessions, and manipulate legitimate transactions. They rarely break into systems directly - they trick people into letting them in.
Why is North Korea stealing crypto?
To bypass international sanctions and fund its weapons programs. The stolen funds are used to buy materials for nuclear weapons, ballistic missiles, and other military technology. The U.S. and UN have confirmed this link between cyber theft and weapons development.
Can stolen crypto be recovered?
Almost never. North Korean hackers use decentralized exchanges, cross-chain bridges, and hundreds of wallets to obscure the trail. By the time blockchain analysts trace the funds, they’ve been converted into privacy coins or mixed through DeFi protocols. Recovery is rare - prevention is the only real defense.
Are crypto exchanges doing enough to stop these attacks?
Most are not. While some have adopted multi-signature wallets and employee training, many still rely on outdated security practices. The biggest vulnerability isn’t the technology - it’s the people. Without constant training, strict access controls, and internal monitoring, even the best systems can be bypassed.
9 Comments
They’re not hackers they’re soldiers with keyboards and a death wish
Why are we still letting these companies get away with single-signature wallets? This isn’t tech failure-it’s negligence dressed up as innovation.
so like… if i get a linkedin dm from a recruiter named ‘james’ with a github link… i should just ignore it? 🤔
I’ve worked in fintech and let me tell you, the real problem isn’t the tech-it’s the culture. Everyone’s racing to ship features, no one’s training on social engineering. It’s like leaving your front door open and blaming the burglar for walking in.
What we’re witnessing isn’t merely cybercrime-it’s the recalibration of geopolitical power in the digital age. A nation with no oil, no exports, no diplomatic leverage, has weaponized the most universal language of our time: code. And in doing so, it has turned the global financial architecture into its private ATM. The real tragedy? We treat it like a balance sheet issue, not an existential threat.
It’s terrifying how simple it is. One fake LinkedIn message. One click. And billions vanish. We’ve built this whole economy on trust-and someone figured out how to exploit the human side of it. No firewall can fix that.
The scale of this operation is unprecedented. North Korea has created a state-run cyber-mercenary force with the precision of a Swiss watch and the ruthlessness of a mafia syndicate. Their success lies not in technical brilliance but in psychological mastery. They understand that humans are the weakest link-and they exploit it with surgical precision.
They don’t need to crack the blockchain. They just need to crack the intern who’s tired, distracted, and thinks ‘it’s just a test script.’ That’s the real horror story here. Not the tech. Not the crypto. It’s the fact that we still treat cybersecurity like a checkbox instead of a lifeline.
Been there. Got the phishing email that looked like HR. Turned out to be a fake GitHub link. Took me 3 weeks to realize it wasn’t just a glitch. Scary how good they are at mimicking real workflows.