North Korea 'Industrialized' $2.06B Crypto Heist as Hackers Shift to Physical Infiltration — CertiK
North Korea-linked threat actors have consolidated their position as the dominant force in cryptocurrency theft, accounting for roughly 60% of all funds lost to crypto exploits in 2025, according to a new report by blockchain security firm CertiK. The findings paint a picture of a state-backed operation that has moved well beyond opportunistic phishing campaigns into a structured, high-volume criminal enterprise. CertiK estimates that North Korean hackers were responsible for approximately $2.06 billion of the $3.4 billion total stolen across the crypto sector so far this year.
The most significant tactical shift identified in the report is the group's transition from remote cyberattacks to physical infiltration. Instead of relying solely on phishing, social engineering, and malicious smart contracts, North Korean operatives are increasingly embedded within organizations as employees or contractors. This approach grants them direct access to private keys, multi-signature wallets, and internal systems—making detection significantly harder and potential payouts far larger. CertiK describes this as a deliberate maturation of methodology rather than a collection of isolated incidents.
The laundering infrastructure supporting these operations has grown proportionally. Stolen funds are cycled through mixers, cross-chain bridges, and decentralized exchanges at scale, obscuring traceability and converting illicit proceeds into clean capital. The scope of North Korea's crypto operations has drawn sustained attention from the U.S. Treasury's Office of Foreign Assets Control, the FBI, and allied intelligence agencies, which have repeatedly linked the activity to the regime's weapons of mass destruction and ballistic missile programs. Industry analysts warn that without fundamental improvements in insider threat controls and wallet security practices, the trend shows no sign of reversing.