North Korea ‘industrialized’ crypto theft, laundered billions: CertiK
CoinTelegraph, 2026-05-12 13:00:00

[Figure: Total DPRK crypto theft over the years. Source: CertiK/Skynet]

The report also identifies a shift from opportunistic hot wallet compromises to fewer, higher-value operations that target the largest pools of capital. In 2025, DPRK-linked groups were behind about 60% of the value stolen but only around 12% of total incidents, highlighting what CertiK describes as a focus on “precision and scale.”

The single largest incident, the Bybit exploit in February 2025, resulted in about $1.5 billion in losses and is attributed in the report to the TraderTraitor cluster via a supply chain compromise of a third-party signing provider. In that case, CertiK’s onchain analysis found that about 86% of the stolen Ether was converted into Bitcoin within one month of the hack, using mixing services, cross-chain bridges, decentralized exchanges and over-the-counter brokers.

CertiK’s Skynet study also details a progression in tactics, showing that social engineering remains the dominant initial attack vector, including fake job offers, investor impersonation and malicious code repositories.

[Figure: DPRK evolution playbook. Source: CertiK/Skynet]

The report attributes the Ronin Bridge exploit in 2022 to a spearphishing campaign involving a fake LinkedIn recruiter and a malware-laden PDF, while Bybit is cited as an example of a supply chain compromise, where attackers manipulated a user interface to route funds to a malicious address without changing the apparent content of transactions.

The most recent evolution, described by CertiK as “physical infiltration,” is illustrated with the April 2026 Drift Protocol incident, in which about $285 million was drained from a Solana-based platform after a six-month operation involving conference attendance, relationship-building and governance manipulation.

Jonathan Riss, blockchain intelligence analyst at CertiK, told Cointelegraph that DPRK-linked operations now blend intelligence tradecraft with technical exploits, warning that North Korean information technology workers and intermediaries can obtain trusted roles inside Western crypto and fintech firms under false identities.

CertiK’s report, citing United Nations monitors and United States intelligence assessments, notes that revenue from these crypto thefts is confirmed to support North Korea’s nuclear and ballistic missile programs, elevating the issue from a cybersecurity concern to one of international security, according to those cited assessments.