ANN | The Korea Herald
December 22, 2025
Illustration shows hackers against a North Korean flag backdrop.—Courtesy The Korea Herald
NORTH Korea–linked hacking groups has stolen more cryptocurrency than anyone else in 2025, siphoning off more than $2 billion as their operations became fewer but more targeted and higher impact, according to new research.
North Korean hackers stole about $2.02 billion worth of digital assets from January through early December, up 51 per cent from a year earlier, global blockchain analytics firm Chainalysis said in a report released this week.
The findings, part of Chainalysis’s annual overview of crypto crime, show global cryptocurrency theft reached about $3.4 billion this year, with North Korean operations accounting for nearly 60pc of the total. That pushed North Korea’s cumulative cryptocurrency theft to roughly $6.75 billion, the report showed.
While the overall number of hacking incidents linked to North Korea fell 74pc from 2024, their impact grew sharply. North Korean groups accounted for a record 76pc of all service-level compromises, excluding personal wallet hacks, underscoring a shift toward fewer but significantly larger breaches.
Chainalysis said the divergence has become more pronounced over time. Non–North Korean attackers showed a relatively even distribution across theft sizes this year, while North Korean operations dominated the highest-value ranges.
“When North Korean hackers strike, they target large services and aim for maximum impact,” the report said. Their tactics reflect a move away from exploiting decentralised finance vulnerabilities toward centralised exchanges and custodians as DeFi security improves. The $1.5 billion breach at Dubai-based exchange Bybit in February, the largest crypto heist on record, illustrates the scale of that approach.
The report pointed to insider infiltration as a key driver behind North Korea’s ability to execute such high-value thefts.
Published in Dawn, December 22nd, 2025
NORTH Korea–linked hacking groups has stolen more cryptocurrency than anyone else in 2025, siphoning off more than $2 billion as their operations became fewer but more targeted and higher impact, according to new research.
North Korean hackers stole about $2.02 billion worth of digital assets from January through early December, up 51 per cent from a year earlier, global blockchain analytics firm Chainalysis said in a report released this week.
The findings, part of Chainalysis’s annual overview of crypto crime, show global cryptocurrency theft reached about $3.4 billion this year, with North Korean operations accounting for nearly 60pc of the total. That pushed North Korea’s cumulative cryptocurrency theft to roughly $6.75 billion, the report showed.
While the overall number of hacking incidents linked to North Korea fell 74pc from 2024, their impact grew sharply. North Korean groups accounted for a record 76pc of all service-level compromises, excluding personal wallet hacks, underscoring a shift toward fewer but significantly larger breaches.
Chainalysis said the divergence has become more pronounced over time. Non–North Korean attackers showed a relatively even distribution across theft sizes this year, while North Korean operations dominated the highest-value ranges.
“When North Korean hackers strike, they target large services and aim for maximum impact,” the report said. Their tactics reflect a move away from exploiting decentralised finance vulnerabilities toward centralised exchanges and custodians as DeFi security improves. The $1.5 billion breach at Dubai-based exchange Bybit in February, the largest crypto heist on record, illustrates the scale of that approach.
The report pointed to insider infiltration as a key driver behind North Korea’s ability to execute such high-value thefts.
Published in Dawn, December 22nd, 2025
Amazon says blocked 1,800 North Koreans from applying for jobs
By AFP
December 22, 2025
US tech giant Amazon has said it blocked over 1,800 North Koreans from joining the company - Copyright Belga/AFP/File JONAS ROOSENS
US tech giant Amazon said it has blocked over 1,800 North Koreans from joining the company, as Pyongyang sends large numbers of IT workers overseas to earn and launder funds.
In a post on LinkedIn, Amazon’s Chief Security Officer Stephen Schmidt said last week that North Korean workers had been “attempting to secure remote IT jobs with companies worldwide, particularly in the US”.
He said the firm had seen nearly a one-third rise in applications by North Koreans in the past year.
The North Koreans typically use “laptop farms” — a computer in the United States operated remotely from outside the country, he said.
He warned the problem wasn’t specific to Amazon and “is likely happening at scale across the industry”.
Tell-tale signs of North Korean workers, Schmidt said, included wrongly formatted phone numbers and dodgy academic credentials.
In July, a woman in Arizona was sentenced to more than eight years in prison for running a laptop farm helping North Korean IT workers secure remote jobs at more than 300 US companies.
The scheme generated more than $17 million in revenue for her and North Korea, officials said.
Last year, Seoul’s intelligence agency warned that North Korean operatives had used LinkedIn to pose as recruiters and approach South Koreans working at defence firms to obtain information on their technologies.
“North Korea is actively training cyber personnel and infiltrating key locations worldwide,” Hong Min, an analyst at the Korea Institute for National Unification, told AFP.
“Given Amazon’s business nature, the motive seems largely economic, with a high likelihood that the operation was planned to steal financial assets,” he added.
North Korea’s cyber-warfare programme dates back to at least the mid-1990s.
It has since grown into a 6,000-strong cyber unit known as Bureau 121, which operates from several countries, according to a 2020 US military report.
In November, Washington announced sanctions on eight individuals accused of being “state-sponsored hackers”, whose illicit operations were conducted “to fund the regime’s nuclear weapons programme” by stealing and laundering money.
The US Department of the Treasury has accused North Korea-affiliated cybercriminals of stealing over $3 billion over the past three years, primarily in cryptocurrency.
By AFP
December 22, 2025
US tech giant Amazon has said it blocked over 1,800 North Koreans from joining the company - Copyright Belga/AFP/File JONAS ROOSENS
US tech giant Amazon said it has blocked over 1,800 North Koreans from joining the company, as Pyongyang sends large numbers of IT workers overseas to earn and launder funds.
In a post on LinkedIn, Amazon’s Chief Security Officer Stephen Schmidt said last week that North Korean workers had been “attempting to secure remote IT jobs with companies worldwide, particularly in the US”.
He said the firm had seen nearly a one-third rise in applications by North Koreans in the past year.
The North Koreans typically use “laptop farms” — a computer in the United States operated remotely from outside the country, he said.
He warned the problem wasn’t specific to Amazon and “is likely happening at scale across the industry”.
Tell-tale signs of North Korean workers, Schmidt said, included wrongly formatted phone numbers and dodgy academic credentials.
In July, a woman in Arizona was sentenced to more than eight years in prison for running a laptop farm helping North Korean IT workers secure remote jobs at more than 300 US companies.
The scheme generated more than $17 million in revenue for her and North Korea, officials said.
Last year, Seoul’s intelligence agency warned that North Korean operatives had used LinkedIn to pose as recruiters and approach South Koreans working at defence firms to obtain information on their technologies.
“North Korea is actively training cyber personnel and infiltrating key locations worldwide,” Hong Min, an analyst at the Korea Institute for National Unification, told AFP.
“Given Amazon’s business nature, the motive seems largely economic, with a high likelihood that the operation was planned to steal financial assets,” he added.
North Korea’s cyber-warfare programme dates back to at least the mid-1990s.
It has since grown into a 6,000-strong cyber unit known as Bureau 121, which operates from several countries, according to a 2020 US military report.
In November, Washington announced sanctions on eight individuals accused of being “state-sponsored hackers”, whose illicit operations were conducted “to fund the regime’s nuclear weapons programme” by stealing and laundering money.
The US Department of the Treasury has accused North Korea-affiliated cybercriminals of stealing over $3 billion over the past three years, primarily in cryptocurrency.
No comments:
Post a Comment