North Korean state-backed hackers have intensified their cryptocurrency theft operations, amassing over $4.7 billion through sophisticated cyber attacks in recent years, according to a new report by Paradigm.
The report "Demystifying the North Korean Threat" reveals that between 2017-2023, North Korean hacking groups stole approximately $3 billion in crypto assets. This was followed by major attacks on cryptocurrency exchanges WazirX and Bybit, which netted an additional $1.7 billion.
At least five distinct North Korean hacking organizations currently target the crypto sector, with the Lazarus Group emerging as the most notorious. The group gained infamy through high-profile attacks, including the 2025 Bybit breach that resulted in $1.5 billion in stolen assets.
These cyber criminals employ increasingly complex attack strategies, ranging from social engineering and phishing campaigns to sophisticated supply chain infiltrations. Some operations demonstrate remarkable patience, with attacks meticulously planned over periods extending up to a year.
The hackers follow systematic money laundering patterns after successful attacks. They typically fragment stolen funds across numerous wallets, convert illiquid tokens to those with higher liquidity, and consolidate much of the value into Bitcoin. The assets are then held for extended periods until law enforcement attention subsides.
While authorities have made some progress in identifying perpetrators, with the FBI naming three alleged Lazarus Group members and the U.S. Justice Department indicting two individuals in 2021, the attacks continue to pose a growing threat to the digital asset industry.
The expansion of these operations highlights the increasing intersection between state-sponsored cyber warfare and cryptocurrency markets, raising concerns about the security of digital asset platforms worldwide.