Cryptocurrency is reshaping global finance, and few nations illustrate its darker potential like North Korea. In Pyongyang, digital assets aren’t tools of innovation but instruments of survival. Behind closed firewalls, state-backed hackers have turned crypto theft into a strategic industry, funding weapons and bypassing sanctions at an unprecedented scale.
With billions siphoned from exchanges and DeFi platforms, the regime’s cyber-armies now rival traditional state-owned enterprises in revenue, proof that in 2025, the world’s most isolated economy has mastered the borderless nature of blockchain.
In today’s piece, Disruption Banking uncovers the infrequently told story of North Korea’s crypto heists and how they are fueling a rogue regime in 2025.
Pyongyang’s Cyber Armies: Weaponizing Crypto Theft
Cryptocurrency has become a key tool for North Korea’s regime, but not in ways that benefit ordinary citizens. Rather, Pyongyang’s cyber armies, notably the Lazarus Group, including its TraderTraitor operations, have aggressively stolen and laundered digital assets to evade sanctions and fund weapons programs.
This year alone, an estimated $2 billion in crypto has been looted by the Democratic People’s Republic of Korea (DPRK) hackers so far, a record amount, including a $1.46 billion heist of the Bybit exchange. Data shows cumulative North Korean cryptocurrency thefts since 2017 now exceed $6 billion, much of it converted to fiat to support nuclear and missile development.
The trend is accelerating. In 2024, DPRK hackers stole about $1.34 billion in crypto across 47 incidents, and 2025’s spree has already substantially exceeded that number. These attacks, from major exchange breaches to DeFi exploits, underscore the regime’s growing reliance on crypto heists as a sanctions-evasion revenue stream.
Laundering the Loot: North Korea’s Blockchain Maze
The FBI warned that Pyongyang is aggressively targeting DeFi and crypto firms with phishing, fake job offers, and malware-infected interview tests.
Chainalysis’s 2025 analysis shows private-key/seed-phrase theft and social-engineering are major drivers of crypto losses this year.
Once the crypto is stolen, North Korean hackers move it through a maze of blockchain paths to hide its origin. They use mixers, cross-chain bridges, and smaller, lesser-known blockchains to swap tokens into stablecoins like USDT or USDC, spreading the money across thousands of wallets.
Even so, investigators still have an advantage — the blockchain keeps a trail. In 2024, the U.S. Justice Department seized about $7.7 million linked to a North Korean laundering network, and FBI raids uncovered stolen NFTs and tokens.
According to UN experts, every stolen coin leaves a digital footprint — and that’s what makes tracing these heists possible from start to finish.
Crypto in North Korea: A Citizen-Free Black Market
Cryptocurrency adoption among North Korean citizens and institutions is virtually nonexistent or covert. Pyongyang has no domestic exchanges or legal framework for digital assets, leaving crypto in a legal gray zone. With the economy and internet tightly controlled, ordinary citizens lack access to global financial networks, making retail crypto use nearly impossible. Any underground activity would face severe punishment, including imprisonment or execution for unauthorized tech use.
Institutions show no legitimate crypto interest either. No state-backed digital currency projects exist, but some state entities are tied to crypto crime. Sim Hyon Sop of Korea Kwangson Banking Corp (KKBC) has been sanctioned for laundering crypto to fund Weapons of Mass Destruction (WMD) programs. U.S. Treasury findings show DPRK banks use front companies and fake overseas accounts to cash out stolen crypto.
Research by Royal United Services Institute (RUSI) in London suggests Pyongyang may also mine crypto, not for public use, but to generate or hoard hard currency for the regime. In essence, any institutional crypto activity serves illicit state financing, not the legitimate economy.
Global Crackdown: Chasing North Korea’s Digital Gold
The global response has been swift. Governments and blockchain firms are tightening sanctions and deploying forensic tools to cut North Korea off from crypto revenues.
This year, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned numerous DPRK fronts, including fake tech firms, wallet clusters, and laundering hubs such as the Chinese-based Shenyang Geumpungri. Individuals like Chinese-UAE broker Lu Huaying and Russian converter Vitaliy Andreyevich Andreyev were also blacklisted for turning stolen DPRK crypto into dollars.
Law enforcement agencies have stepped up coordination. The FBI tied several wallet addresses to DPRK IT-worker schemes, one dubbed TraderTraitor. Seoul reportedly froze North Korea-linked wallets, while Tokyo banned mixing services used for laundering. A 2024 trilateral statement by the U.S., Japan, and South Korea condemned Pyongyang’s crypto theft, as blockchain analytics firms continued to trace and block suspicious trails.
These measures show results. After sanctions, platforms like NetEx24, Bitpapa, and Cryptex saw volumes plunge by between 70 – 85%, mixers were shut down, and blacklisted wallets were publicly tracked. The U.S. Treasury expects further sanctions on new fronts, mixers, and crypto-to-cash services.
Crypto’s Dark Paradox: North Korea’s Stateless Empire
North Korea has weaponized cryptocurrency as a sanctions-busting fund source while its citizens remain largely barred from digital finance. The state’s stance seems to be: encourage illicit crypto schemes abroad, but eradicate any unsanctioned crypto activity at home. International observers see this as a grave challenge for crypto regulation.
The massive scale of North Korea’s cyberattacks and their heavy reliance on exploiting human weaknesses highlight the urgent need for much stronger security defenses across the industry.
For now, global authorities are shining a spotlight on the blockchains that hide North Korea’s digital gold, a cat-and-mouse game likely to continue through 2025 and beyond.
#Crypto #Blockchain #DigitalAssets #DeFi #NorthKorea
Author: Ayanfe Fakunle
The editorial team at #DisruptionBanking has taken all precautions to ensure that no persons or organizations have been adversely affected or offered any sort of financial advice in this article. This article is most definitely not financial advice.
See Also:
Is the Lazarus Group Behind the $1.5 Billion Bybit Crypto Heist? | Disruption Banking
North Korean IT Workers Infiltrate U.S. Companies | Disruption Banking
