Crypto theft reached $3.4B in 2025 with actors linked to North Korea driving
record losses and evolving attack patterns, says Chainalysis.
A Big Year for Crypto Theft
The blockchain
Blockchain
Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned). In this sense, blockchain is immune to the manipulation of data, making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tamp
Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned). In this sense, blockchain is immune to the manipulation of data, making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tamp
Read this Term intelligence firm Chainalysis’s 2026 Crypto
Crime Report, a preview of which you can see here,
reveals a stark picture of cryptocurrency theft in 2025. According to the
report, more than $3.4 billion worth of digital assets were stolen from January
through early December 2025, continuing an alarming trend of high-value thefts
in the crypto space.
This figure incorporates an unusual pattern: a few
extraordinarily large breaches account for the majority of losses, rather than
countless small hacks. The top three hacks alone made up 69 percent of total
stolen funds.
1/ In the first preview chapter of our 2026 Crypto Crime Report, we look at how North Korean hackers stole $2.02B in crypto during 2025, a 51% increase from 2024, pushing their all-time total to $6.75B: https://t.co/B9l4x1g9VM
— Chainalysis (@chainalysis) December 18, 2025
North Korea: Dominant Threat Actor
The Democratic People’s Republic of Korea (DPRK) stands out
as the most significant state-linked threat in the report. North Korean hackers
stole at least $2.02 billion in cryptocurrency in 2025, a 51 percent
year-over-year increase from 2024, despite carrying out fewer overall attacks
than in previous years.
That massive haul has pushed the lower-bound estimate of
total DPRK-linked stolen crypto to an astonishing $6.75 billion over time.
The report suggests that these actors are focusing on high-impact,
high-value targets and using sophisticated methods to access privileged systems
inside exchanges and custodial services. Techniques have evolved beyond
traditional breaches to include social engineering and impersonation of recruiters
at major web3 and AI firms, giving attackers ways to harvest critical
credentials.
Not Just Big Services, But Personal Wallet Targets Too
While institutional and exchange
Exchange
An exchange is known as a marketplace that supports the trading of derivatives, commodities, securities, and other financial instruments.Generally, an exchange is accessible through a digital platform or sometimes at a tangible address where investors organize to perform trading. Among the chief responsibilities of an exchange would be to uphold honest and fair-trading practices. These are instrumental in making sure that the distribution of supported security rates on that exchange are effectiv
An exchange is known as a marketplace that supports the trading of derivatives, commodities, securities, and other financial instruments.Generally, an exchange is accessible through a digital platform or sometimes at a tangible address where investors organize to perform trading. Among the chief responsibilities of an exchange would be to uphold honest and fair-trading practices. These are instrumental in making sure that the distribution of supported security rates on that exchange are effectiv
Read this Term hacks account for most of
the dollar value stolen, there is a notable rise in personal wallet compromises.
Chainalysis estimates more than 158,000 theft incidents involving individual
wallets in 2025, impacting roughly 80,000 unique victims.
Interestingly, even though the number of compromised
personal accounts has spiked, the total value stolen from these individual
incidents is lower than in previous years, suggesting attackers are targeting
many users for smaller amounts rather than a few for big scores.
Today you learned that 2 billion / ~30 billion or 1/15 of North Koreas GDP is from Crypto hacks pic.twitter.com/OBE2rnHK74
— Ammar Safdari (@asapdar) December 19, 2025
This shift could reflect broader adoption of crypto wallets,
meaning more potential victims, but also possibly better security practices at
major platforms that deter large-scale exploitation.
Large Hacks Are Still the Main Drivers
Despite more incidents overall, a small number of catastrophic
hacks drive the lion’s share of losses. For example, early in 2025, a
major breach at Bybit, now attributed to North Korean actors, resulted in a
haul of around $1.5 billion, making it one of the largest single thefts in
crypto history. Officials also dismantled a EUR 700 million fraud ring operating across Europe just this month.
Such high-value thefts skew the industry’s crime landscape.
The report notes that the ratio between the largest hack and the median stolen
amount has now exceeded 1,000 to 1, underlining how a handful of outliers can
dictate annual totals.
These massive breaches also shape broader trends.
Centralized platforms, despite their professional security teams, remain
vulnerable to private key compromises, and when these attacks succeed, they
generate disproportionate losses compared with smaller, decentralized finance
(DeFi) hacks.
North Korean hackers stole a record $2 billion of crypto this year, researchers said, a sharp jump from 2024 that underscores the country’s growing ability to pull off massive heists https://t.co/PeXztrIojK
— Bloomberg (@business) December 18, 2025
What This Means for Crypto Security
Evolving Attack Strategies
The 2026 Crypto Crime Report highlights how threat actors
are adapting and innovating. Instead of merely exploiting technical bugs,
attackers are increasingly leveraging human-targeted tactics, such as
impersonation and social engineering to gain privileged access.
Particularly concerning is the possibility that hackers may
embed themselves within organizations or pose as potential partners to gain
deeper entry into infrastructure systems, a trend that could outpace
traditional defensive measures.
Bigger Targets, Bigger Impact
The concentration of losses in a few breaches suggests that platform
security remains a weak link. Large exchanges and custodians, where vast sums
of assets are aggregated, present attractive targets. Their compromise can
ripple across markets and shake investor confidence.
That said, the divergence in DeFi, where hack losses have
remained comparatively lower even as total value locked rises, may indicate improved
defensive practices in some parts of the ecosystem.
MASSIVE:
🇰🇵 NORTH KOREA NOW CONTROLS $1.1 BILLION WORTH OF BITCOIN.
THIS ISN’T RETAIL VS. WHALES ANYMORE.
THIS IS GOVERNMENTS VS. GOVERNMENTS.
BITCOIN IS NO LONGER JUST AN ASSET.
IT’S STRATEGIC POWER. pic.twitter.com/AXlGxBj8DT
— Merlijn The Trader (@MerlijnTrader) November 1, 2025
Looking Ahead
Chainalysis’s findings paint a complex picture for 2026 and beyond.
With attackers capable of inflicting enormous damage in a single incident, the
industry will need to double down on robust security, compliance, and threat
intelligence to stave off further losses.
At the same time, the rise in personal wallet compromises
underscores the need for better education and individual security practices, as
users increasingly manage their own keys and assets in a decentralized world.
In a space prized for innovation, the battle against theft
and hacking remains a persistent and evolving challenge, one that demands
coordinated defenses, smarter protocols, and industry-wide vigilance.
Crypto theft reached $3.4B in 2025 with actors linked to North Korea driving
record losses and evolving attack patterns, says Chainalysis.
A Big Year for Crypto Theft
The blockchain
Blockchain
Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned). In this sense, blockchain is immune to the manipulation of data, making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tamp
Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned). In this sense, blockchain is immune to the manipulation of data, making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tamp
Read this Term intelligence firm Chainalysis’s 2026 Crypto
Crime Report, a preview of which you can see here,
reveals a stark picture of cryptocurrency theft in 2025. According to the
report, more than $3.4 billion worth of digital assets were stolen from January
through early December 2025, continuing an alarming trend of high-value thefts
in the crypto space.
This figure incorporates an unusual pattern: a few
extraordinarily large breaches account for the majority of losses, rather than
countless small hacks. The top three hacks alone made up 69 percent of total
stolen funds.
1/ In the first preview chapter of our 2026 Crypto Crime Report, we look at how North Korean hackers stole $2.02B in crypto during 2025, a 51% increase from 2024, pushing their all-time total to $6.75B: https://t.co/B9l4x1g9VM
— Chainalysis (@chainalysis) December 18, 2025
North Korea: Dominant Threat Actor
The Democratic People’s Republic of Korea (DPRK) stands out
as the most significant state-linked threat in the report. North Korean hackers
stole at least $2.02 billion in cryptocurrency in 2025, a 51 percent
year-over-year increase from 2024, despite carrying out fewer overall attacks
than in previous years.
That massive haul has pushed the lower-bound estimate of
total DPRK-linked stolen crypto to an astonishing $6.75 billion over time.
The report suggests that these actors are focusing on high-impact,
high-value targets and using sophisticated methods to access privileged systems
inside exchanges and custodial services. Techniques have evolved beyond
traditional breaches to include social engineering and impersonation of recruiters
at major web3 and AI firms, giving attackers ways to harvest critical
credentials.
Not Just Big Services, But Personal Wallet Targets Too
While institutional and exchange
Exchange
An exchange is known as a marketplace that supports the trading of derivatives, commodities, securities, and other financial instruments.Generally, an exchange is accessible through a digital platform or sometimes at a tangible address where investors organize to perform trading. Among the chief responsibilities of an exchange would be to uphold honest and fair-trading practices. These are instrumental in making sure that the distribution of supported security rates on that exchange are effectiv
An exchange is known as a marketplace that supports the trading of derivatives, commodities, securities, and other financial instruments.Generally, an exchange is accessible through a digital platform or sometimes at a tangible address where investors organize to perform trading. Among the chief responsibilities of an exchange would be to uphold honest and fair-trading practices. These are instrumental in making sure that the distribution of supported security rates on that exchange are effectiv
Read this Term hacks account for most of
the dollar value stolen, there is a notable rise in personal wallet compromises.
Chainalysis estimates more than 158,000 theft incidents involving individual
wallets in 2025, impacting roughly 80,000 unique victims.
Interestingly, even though the number of compromised
personal accounts has spiked, the total value stolen from these individual
incidents is lower than in previous years, suggesting attackers are targeting
many users for smaller amounts rather than a few for big scores.
Today you learned that 2 billion / ~30 billion or 1/15 of North Koreas GDP is from Crypto hacks pic.twitter.com/OBE2rnHK74
— Ammar Safdari (@asapdar) December 19, 2025
This shift could reflect broader adoption of crypto wallets,
meaning more potential victims, but also possibly better security practices at
major platforms that deter large-scale exploitation.
Large Hacks Are Still the Main Drivers
Despite more incidents overall, a small number of catastrophic
hacks drive the lion’s share of losses. For example, early in 2025, a
major breach at Bybit, now attributed to North Korean actors, resulted in a
haul of around $1.5 billion, making it one of the largest single thefts in
crypto history. Officials also dismantled a EUR 700 million fraud ring operating across Europe just this month.
Such high-value thefts skew the industry’s crime landscape.
The report notes that the ratio between the largest hack and the median stolen
amount has now exceeded 1,000 to 1, underlining how a handful of outliers can
dictate annual totals.
These massive breaches also shape broader trends.
Centralized platforms, despite their professional security teams, remain
vulnerable to private key compromises, and when these attacks succeed, they
generate disproportionate losses compared with smaller, decentralized finance
(DeFi) hacks.
North Korean hackers stole a record $2 billion of crypto this year, researchers said, a sharp jump from 2024 that underscores the country’s growing ability to pull off massive heists https://t.co/PeXztrIojK
— Bloomberg (@business) December 18, 2025
What This Means for Crypto Security
Evolving Attack Strategies
The 2026 Crypto Crime Report highlights how threat actors
are adapting and innovating. Instead of merely exploiting technical bugs,
attackers are increasingly leveraging human-targeted tactics, such as
impersonation and social engineering to gain privileged access.
Particularly concerning is the possibility that hackers may
embed themselves within organizations or pose as potential partners to gain
deeper entry into infrastructure systems, a trend that could outpace
traditional defensive measures.
Bigger Targets, Bigger Impact
The concentration of losses in a few breaches suggests that platform
security remains a weak link. Large exchanges and custodians, where vast sums
of assets are aggregated, present attractive targets. Their compromise can
ripple across markets and shake investor confidence.
That said, the divergence in DeFi, where hack losses have
remained comparatively lower even as total value locked rises, may indicate improved
defensive practices in some parts of the ecosystem.
MASSIVE:
🇰🇵 NORTH KOREA NOW CONTROLS $1.1 BILLION WORTH OF BITCOIN.
THIS ISN’T RETAIL VS. WHALES ANYMORE.
THIS IS GOVERNMENTS VS. GOVERNMENTS.
BITCOIN IS NO LONGER JUST AN ASSET.
IT’S STRATEGIC POWER. pic.twitter.com/AXlGxBj8DT
— Merlijn The Trader (@MerlijnTrader) November 1, 2025
Looking Ahead
Chainalysis’s findings paint a complex picture for 2026 and beyond.
With attackers capable of inflicting enormous damage in a single incident, the
industry will need to double down on robust security, compliance, and threat
intelligence to stave off further losses.
At the same time, the rise in personal wallet compromises
underscores the need for better education and individual security practices, as
users increasingly manage their own keys and assets in a decentralized world.
In a space prized for innovation, the battle against theft
and hacking remains a persistent and evolving challenge, one that demands
coordinated defenses, smarter protocols, and industry-wide vigilance.
