09.04.2025
Eugene Komchuk
Eugene Komchuk
Editor at Traders Union
09.04.2025

Stolen billions: How North Korea profits from cryptocurrency

Stolen billions: How North Korea profits from cryptocurrency How North Korea acquires cryptocurrency

​The Democratic People's Republic of Korea (DPRK) regularly makes headlines, and almost always for the wrong reasons. The isolated country has gained notoriety through its aggressive cyberattacks. Over the past 20 years, North Korea has stolen billions of dollars in crypto assets, placing it among the top five state holders of BTC worldwide.

For years, the DPRK has been a pariah state, facing heavy international sanctions and diplomatic isolation due to human rights violations and nuclear weapons testing. Inside the country, a harsh totalitarian regime persists, marked by a cult of personality, restricted freedoms, and total state censorship. Citizens are denied access to the outside world, including the internet, independent media, and global communication.

Despite isolation, North Korea has adapted remarkably well to new forms of covert economic activity. In addition to traditional arms smuggling and illicit trade, the country now leverages cybertechnology to generate revenue.

North Korea's most infamous hacker groups

North Korean hackers have become a global threat, targeting banks and strategic institutions, but especially crypto companies. The most infamous group is Lazarus Group, responsible for a series of high-profile global cyberattacks. They have been linked to the 2014 Sony Pictures hack, the 2017 WannaCry ransomware attack, and numerous crypto exchange heists.

In addition to Lazarus, other active groups include APT38, which focuses on cyberbank heists, and Andariel, which conducts military and governmental espionage. These groups operate with a high degree of organization and, according to Western intelligence agencies, are coordinated by North Korea’s main intelligence body — the Reconnaissance General Bureau.

How much crypto has North Korea stolen?

According to South Korea's National Intelligence Service, North Korean hackers stole $1.5 billion in cryptocurrency between 2015 and 2023. Some of this funding supported the country's ballistic missile program. Efforts only intensified: TRM Labs reported that in 2023 alone, North Korea stole over $600 million in crypto, accounting for more than one-third of all global crypto hacks.

Their tactics typically involve social engineering to access private keys and seed phrases. Stolen funds are converted to USDT or Tron and later cashed out to fiat.

In recent years, crypto exchanges have become primary targets. A notable incident occurred in July 2024 when Indian crypto exchange WazirX suffered an exploit.

Hackers exploited a platform vulnerability to steal $235 million worth of Pepe (PEPE), Gala (GALA), and USDT tokens. Most of the funds were funneled through Tornado Cash and converted to Ethereum.

The Bybit hack

The largest crypto heist involving North Korean hackers happened recently. On February 21, 2025, the Lazarus Group stole approximately $1.46 billion in Ethereum from Bybit.

How did they do it? Using advanced techniques including social engineering, they gained access to the platform’s security system and eventually to Bybit’s core Ethereum wallets.

The stolen assets were moved through a complex web of intermediary wallets and cross-chain platforms. Hackers laundered over $1 billion via THORChain.

According to Arkham Intelligence, all stolen Bybit funds were eventually converted to Bitcoin. At the time, North Korea held 13,518 BTC worth about $1.12 billion, propelling it into the top five countries by Bitcoin holdings, ahead of Bhutan and El Salvador.

As of now, the country controls 12,210 BTC valued at $950 million, remaining a major and unavoidable player in the global crypto landscape.

Control and ambition

Unlike most countries that mine, purchase, or seize cryptocurrencies through legal means, North Korea simply steals them. For years, its state-backed hacker groups have carried out targeted cyberattacks against exchanges, wallets, and DeFi platforms worldwide.

These cyber operations aren’t just a means of bypassing sanctions — they’ve become a cornerstone of the country’s shadow economy. The funds, laundered through mixers and cross-chain protocols, are then converted into Bitcoin and funneled into state reserves.

North Korea doesn’t build blockchain platforms, attract investment, or participate in Web3 development — yet it ranks among the world’s top BTC holders. It is a unique case where cryptocurrencies are not a tool for innovation, but a weapon in a cyber-economic war aimed at sustaining the regime and advancing geopolitical ambitions.

This material may contain third-party opinions, none of the data and information on this webpage constitutes investment advice according to our Disclaimer. While we adhere to strict Editorial Integrity, this post may contain references to products from our partners.
Editors' Picks Crypto