North Korea Crypto Ban and State-Sponsored Hacking Operations in 2025

North Korea doesn’t allow its citizens to own cryptocurrency. Not because they’re worried about financial risk. Not because they think it’s unstable. They ban it because crypto is the one tool their regime can’t fully control - and that’s exactly why they’re stealing billions of it from the rest of the world.

The Ban That Isn’t a Ban

Inside North Korea, owning Bitcoin or Ethereum is illegal. Citizens who try to buy or trade crypto face severe punishment. But the government doesn’t ban crypto because it’s dangerous to its people. It bans it because crypto is dangerous to the regime.

Imagine a country where the state controls every dollar, every transaction, every bit of information. Then imagine a technology that lets money move anonymously, across borders, without permission. That’s the threat crypto poses to a dictatorship. So they outlaw it - while building the world’s most advanced crypto theft operation.

2025: The Year North Korea Broke the System

In February 2025, hackers linked to North Korea pulled off the biggest cryptocurrency heist in history. They stole $1.5 billion from ByBit, one of the world’s top crypto exchanges. The FBI labeled the operation "TraderTraitor." And it wasn’t a lucky break. It was a meticulously planned, years-in-the-making attack.

What made this different? They broke into a "cold wallet." Cold wallets are offline storage devices, kept in vaults, disconnected from the internet. Experts called them "unhackable." North Korea proved they weren’t. They didn’t crack the code. They didn’t brute-force the system. They tricked a human.

Someone working at a crypto firm - maybe a developer, maybe an IT support staffer - was recruited or coerced. They gave up access. Maybe they didn’t even know who they were helping. North Korea has tens of thousands of IT workers abroad, posing as freelancers from Vietnam, China, or Kenya. They get paid in crypto. They send money home. And they’re building the tools that break into exchanges.

The Three-Legged Stool of Crypto Theft

North Korea’s crypto operation isn’t one thing. It’s three systems working together:

  1. Direct Exchange Hacks - Like ByBit. They target platforms with weak security, insider access, or outdated systems. In 2025 alone, they stole over $2.17 billion from crypto services - more than all of 2024.
  2. IT Worker Slavery - The UN estimates North Korea sends 70,000+ workers overseas under false identities. They work for tech companies in the U.S., Europe, and Asia. They code, they test apps, they manage servers. All while sending crypto payments back to Pyongyang. This brings in an estimated $600 million a year.
  3. Money Laundering Hubs - Cambodia is ground zero. The Huione Group, based in Phnom Penh, has laundered $37.6 million in North Korean crypto since 2021. They use fake stablecoins, gambling sites, and shell companies to turn stolen Bitcoin into clean cash. The U.S. Treasury shut down Huione’s ties to the American financial system in May 2025 - but the network still operates.

These aren’t random criminals. They’re military units. The Korea Sobaeksu Trading Company, sanctioned by the U.S. Treasury in 2025, is directly tied to North Korea’s military intelligence. Their job isn’t to make money. It’s to fund missiles.

How the U.S. Is Fighting Back

The U.S. government didn’t sit still after the ByBit hack. The FBI, Treasury, and Justice Department launched a coordinated response:

  • Sanctioned Korea Sobaeksu and three top officials - Kim Se Un, Jo Kyong Hun, and Myong Chol Min.
  • Unsealed indictments against seven DPRK nationals for sanctions evasion and counterfeit cigarette trafficking.
  • Offered rewards up to $7 million for information leading to arrests.
  • Pushed exchanges, blockchain analytics firms, and DeFi platforms to block known thief addresses.

Senators Elizabeth Warren and Jack Reed demanded answers from Treasury. "This isn’t just theft," they wrote. "It’s a national security threat."

But here’s the problem: you can’t sanction a ghost. You can’t arrest someone who’s sitting in a basement in Beijing, pretending to be a freelance coder from Manila. And you can’t freeze a wallet that’s spread across 5,000 different addresses on five blockchains.

The Real Threat Isn’t Just the Money

The $2.17 billion stolen in 2025 isn’t just cash. It’s fuel for North Korea’s nuclear program. It buys rare earth metals. It pays for missile components. It funds labs that test warheads.

Every time a crypto exchange gets hacked, it’s not just a loss for investors. It’s a win for a regime that’s been starving under sanctions for decades. And they’re getting smarter. They’re using AI to mimic human behavior in phishing scams. They’re building custom malware that evades detection for months. They’re partnering with criminal gangs in Southeast Asia and Africa to move cash faster than law enforcement can track it.

Even the biggest crypto firms are struggling. One major exchange told analysts they spent $12 million on security in 2024 - and got breached anyway. Now they’re spending $40 million. But North Korea doesn’t need to hack every exchange. Just one. Once. And they’ve already done it.

What Comes Next?

There’s no magic fix. You can’t out-code a state with unlimited resources and no moral limits. But there are steps that matter:

  • Exchanges need to stop trusting remote workers - Verify identities. Demand two-factor authentication from every contractor. If someone’s logging in from Pyongyang but says they’re in Toronto - block them.
  • Blockchain analytics must become mandatory - If you’re a crypto service provider, you need to scan every transaction against known bad addresses. Not because you want to - because you have to.
  • Global cooperation is non-negotiable - Cambodia, Nigeria, and Venezuela are still weak spots. Without international pressure, these countries will keep turning a blind eye.
  • Regulators must act on stablecoins - North Korea’s Huione stablecoins can’t be frozen. That’s the whole point. Regulators need to treat unbacked or untraceable stablecoins like weapons.

The crypto world thought it was decentralized. Free. Unstoppable. But North Korea proved it’s only as strong as its weakest link. And right now, that link is a person - tired, hungry, and working for a government that doesn’t care if they live or die.

Why This Matters to Everyone

You might think, "I don’t trade crypto. This doesn’t affect me." But it does.

When North Korea steals billions, they drive down prices. They trigger panic. They push regulators to crack down on everyone - not just criminals. More KYC. More restrictions. More surveillance. The same tools meant to stop them end up hurting ordinary users.

And if they keep succeeding, they’ll keep building more weapons. More missiles. More threats. The money they steal doesn’t just vanish into a digital black hole. It ends up in a warhead pointed at your city.

Why does North Korea ban crypto for its citizens but steal it from others?

North Korea bans crypto for its citizens because it undermines state control over money and information. But the regime uses crypto theft as a tool to bypass international sanctions and fund its nuclear program. They outlaw it at home to prevent citizens from escaping the financial system - while exploiting it abroad to steal billions.

How did North Korea hack the ByBit exchange?

The ByBit hack in February 2025 wasn’t a technical breakthrough - it was a social engineering win. North Korean operatives infiltrated the exchange by compromising a trusted employee, likely one of their own workers posing as a remote contractor. They used stolen credentials to access a cold wallet, bypassing physical security by exploiting human trust. The FBI confirmed the attack was carried out by the "TraderTraitor" group.

What role do North Korean IT workers abroad play in crypto theft?

North Korea sends over 70,000 IT workers overseas under false identities to work for foreign companies. These workers are trained in hacking, software development, and cybersecurity. They earn salaries in cryptocurrency, which they send back to Pyongyang. Many build tools used in exchange hacks or directly assist in attacks. The UN estimates this scheme generates $600 million annually for the regime.

Is Cambodia still a major hub for North Korean crypto laundering?

Yes. Despite U.S. sanctions on the Huione Group in May 2025, Cambodia remains a key laundering hub. Huione’s subsidiaries, including Huione Crypto, issue untraceable stablecoins and operate gambling platforms that convert stolen crypto into cash. While U.S. financial ties were cut, local banks and underground networks still process the funds. Enforcement remains weak due to corruption and lack of international oversight.

Can blockchain technology stop North Korean crypto theft?

Blockchain itself can’t stop it - it’s a ledger, not a lock. But blockchain analytics tools can help. Firms like Chainalysis and Elliptic track known thief addresses and flag suspicious transactions. Exchanges that use these tools can block funds before they’re cashed out. However, North Korea constantly shifts addresses and uses privacy coins and cross-chain bridges to evade detection. Technology helps, but human intelligence and global cooperation are still the most effective tools.
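The screening step recommended earlier (scan every transaction against known bad addresses), combined with the caveat here that funds keep moving to new addresses, as an added example that is not from the original article or any analytics vendor. It assumes EVM-style hex addresses; the addresses, the transfer list, the function names and the hop limit are all constructed for illustration.

```python
from collections import defaultdict, deque

def norm(addr):
    # Assumption: EVM-style hex addresses, which compare case-insensitively.
    return addr.strip().lower()

# Constructed placeholders, not real indicators or real transfers.
BLOCKLIST = {norm("0xBAD1")}
TRANSFERS = [  # (sender, receiver)
    ("0xbad1", "0xA001"),   # listed address pays a fresh address
    ("0xA001", "0xA002"),   # funds are moved again
    ("0xA002", "0xA001"),   # cycle, must not loop forever
    ("0xA002", "0xD001"),   # deposit address at the exchange
    ("0xC001", "0xD002"),   # unrelated deposit
]

def build_inbound(transfers):
    """Map each receiver to the set of addresses that funded it."""
    inbound = defaultdict(set)
    for sender, receiver in transfers:
        inbound[norm(receiver)].add(norm(sender))
    return inbound

def hops_to_blocklist(addr, inbound, blocklist, max_hops=3):
    """Walk funders breadth-first; return the shortest hop count to a
    listed address, or None if none is found within max_hops."""
    start = norm(addr)
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        current, hops = queue.popleft()
        if current in blocklist:
            return hops
        if hops == max_hops:
            continue
        for funder in inbound.get(current, ()):
            if funder not in seen:
                seen.add(funder)
                queue.append((funder, hops + 1))
    return None

def screen(addr, inbound, blocklist, max_hops=3):
    """'block' on a direct match, 'review' on indirect exposure."""
    hops = hops_to_blocklist(addr, inbound, blocklist, max_hops)
    if hops is None:
        return "allow"
    return "block" if hops == 0 else "review"

INBOUND = build_inbound(TRANSFERS)
```

A direct blocklist lookup alone would pass the deposit at `0xD001`; the backward walk is what surfaces it for review, and the hop limit bounds how far back that walk looks.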

What can regular crypto users do to protect themselves?

Use exchanges with strong security audits and proven track records. Enable multi-factor authentication. Avoid sharing personal info with unknown contractors. If you’re using DeFi or lending platforms, check if they screen for sanctioned addresses. Most importantly, don’t assume "crypto is safe" - North Korea targets everyone. Your wallet could be next if the platform you use is weak.

Final Thought

North Korea didn’t invent crypto theft. But they turned it into a war strategy. While the world debates regulation and innovation, they’re building missiles with stolen Bitcoin. The real question isn’t whether we can stop them. It’s whether we’re willing to treat this like the national security crisis it is - before it’s too late.

About the author

Kurt Marquardt

I'm a blockchain analyst and educator based in Boulder, where I research crypto networks and on-chain data. I consult startups on token economics and security best practices. I write practical guides on coins and market breakdowns with a focus on exchanges and airdrop strategies. My mission is to make complex crypto concepts usable for everyday investors.

1 Comment

  1. Andrew Parker

    This is the most terrifying thing I've read all year. I mean, think about it - they’re not just stealing crypto, they’re stealing our future. Every dollar they take buys another nuke. And we’re out here debating whether Dogecoin is a good investment. 😭