North Korea drives record 2025 crypto theft as losses exceed $3.4 billion

According to the Cainanalysis report, the cryptocurrency ecosystem faced a sharp escalation in theft during 2025. An analysis covering January through early December 2025 reports that more than $3.4 billion in cryptocurrency was stolen over the period, with a single event in February dominating the annual total: the compromise of Bybit, reported at $1.5 billion. The same analysis attributes a record level of theft to North Korean hackers, estimating at least $2.02 billion stolen in 2025, described as a 51% increase compared with 2024, pushing the lower bound cumulative estimate of cryptocurrency stolen by North Korea to $6.75 billion.

A notable feature of the 2025 pattern is concentration. The report describes theft activity as increasingly outlier-driven, with a small number of extremely large events shaping annual totals. It states that the ratio between the largest hack and the median incident crossed a 1,000 times threshold for the first time. In this context, the top three hacks in 2025 are reported to account for 69% of all service losses. This concentration matters because it shows that the industry risk profile is not only about frequent, smaller incidents, but also about low-frequency, high-impact breaches that can rapidly overwhelm annual loss figures.

The analysis also highlights a shift in where harm is occurring. Individual wallet compromises surged to 158,000 incidents in 2025, affecting at least 80,000 unique victims. However, the total value stolen from individual victims declined to $713 million, down from $1.5 billion in 2024. The report interprets this pattern as attackers targeting more users while stealing smaller amounts per victim. It also notes that wallet victimisation rates vary across networks, and that differences are not explained by technology alone, suggesting that user demographics, popular applications, and criminal infrastructure may influence theft rates.

For centralised services, the report emphasises that private key compromises remain a fundamental security challenge. Even with institutional security resources, centralized platforms can experience very large losses when private keys are compromised, and the report notes that these events, while relatively infrequent, can dominate quarterly loss patterns. In fact, it states that private key compromises accounted for 88% of losses in the first quarter of 2025.

North Korea is presented as the most significant nation state threat actor to cryptocurrency security. The report describes a key change in operating model: fewer confirmed incidents but larger thefts. It links this to tactics such as embedding information technology workers within crypto services to gain privileged access, and a shift toward sophisticated impersonation and social engineering, including tactics that target executives. The report also describes how North Korea uses specific laundering approaches at scale. It highlights preferences for Chinese language money movement and guarantee services, cross-chain bridge services, and mixing services. It further describes a typical laundering timeline following major thefts, unfolding over approximately 45 days through multiple waves, beginning with immediate layering and then moving toward integration through exchanges and other services.

The report also discusses an unexpected pattern in decentralised finance. Despite increasing total value locked in decentralised finance, hack losses remained suppressed during 2024 and 2025. The report suggests this divergence may indicate improved security practices or a shift in attacker focus toward other targets, including personal wallets and centralised services. It illustrates this point with a September 2025 incident involving Venus Protocol, describing how early detection and rapid response actions helped prevent permanent losses.

Taken together, the findings describe a 2025 threat landscape defined by record aggregate losses, extreme concentration in a small number of large breaches, and a widening set of victim categories, including a significant rise in personal wallet compromises. The report also provides operationally specific observations on laundering behaviours, especially those associated with North Korea, and it outlines measurable changes in how theft is distributed across platform types and users.

Source: 2025 Crypto Theft Reaches $3.4 Billion