
North Korea Earns $4 Billion Through Crypto Theft in Two Years Amid UN Sanctions

Real name
Siobhán Delaney
Bio
Siobhán Delaney is a Dublin-based writer for The Economy, focusing on culture, education, and international affairs. With a background in media and communication from University College Dublin, she contributes to cross-regional coverage and translation-based commentary. Her work emphasizes clarity and balance, especially in contexts shaped by cultural difference and policy translation.

Hacks Targeting Japan and Singapore Exchanges
Money Laundering in Russia and Cambodia
Funds Cashed Out via Brokers and Used for Weapons Trade

North Korea has reportedly stolen a total of $4 billion worth of digital assets between last year and September 2025. The regime is believed to have laundered and converted the stolen cryptocurrencies into cash to finance its weapons of mass destruction (WMD) and ballistic missile programs. With international sanctions cutting off legitimate access to foreign currency, Pyongyang appears to be turning cyber theft into a state-sponsored revenue stream.

Cashing Out via Overseas Brokers in Cambodia and Elsewhere

According to a report released on the 24th by the Multinational Sanctions Monitoring Team (MSMT), North Korea stole approximately $2.84 billion worth of cryptocurrencies between January 2024 and September 2025, including an estimated $1.65 billion this year alone. MSMT was established in October 2024 by 11 countries, including South Korea, the United States, Japan, the United Kingdom, France, and Germany, to replace the now-defunct UN Security Council Panel of Experts on North Korea, whose activities were halted due to Russia’s veto.

North Korean cyber units reportedly posed as investors and entrepreneurs to infiltrate overseas cryptocurrency exchanges. The hackers lured exchange operators into downloading malicious software, enabling the theft. MSMT added that North Korea collaborated with Russian ransomware groups in carrying out these cyberattacks.

The report also revealed connections between North Korean laundering operations and organized criminal networks in Cambodia—groups recently accused of kidnapping, detaining, and torturing South Koreans. North Korean agents tied to the Reconnaissance General Bureau, a UN-sanctioned entity, maintained close ties with employees of the Cambodian financial conglomerate Huione. Together, they laundered funds, including $37.6 million stolen from Japan’s DMM Bitcoin exchange in May 2024.

North Korea also hacked military, scientific, and energy-related institutions in South Korea, the United States, the United Kingdom, and China to steal technological information. The Reconnaissance General Bureau’s hacking unit Andariel stole defense industry data through software supply-chain attacks, while another group, Kimsuky, distributed malicious code en masse to harvest data from South Korea’s construction sector.

The report noted that Pyongyang has used cryptocurrencies as a payment method for banned transactions involving raw materials such as gold and copper, in direct violation of UN Security Council resolutions. MSMT estimates that roughly 1,000–2,000 North Korean IT workers are stationed across at least eight countries, including China, Russia, Laos, and Cambodia. Of these, 1,000–1,500 are believed to be in China, 150–300 in Russia, and 20–40 in Laos, remitting around half of their income back to North Korea.

Surge in Attacks Targeting High-Net-Worth Crypto Investors

Despite a UN ban on overseas employment for North Koreans, income from its IT workforce abroad continues to rise. North Korean developers earned an estimated $350 million to $800 million last year by taking on projects in AI, blockchain, web development, defense, and government sectors, particularly in the United States and Europe. They create synthetic identities using verified online accounts, apply for remote jobs directly, and receive payments through banking services or cryptocurrencies.

The most devastating cyberattack linked to North Korea this year was the February “Bybit incident,” in which hackers stole roughly $1.4 billion in digital assets. In July, another exchange, WOO X, was hacked with losses totaling $14 million from nine users, and more recently, $1.2 million was stolen from the platform Sidify.

These cyber units have increasingly targeted wealthy individual investors whose personal security systems are often less sophisticated than corporate defenses. As of August 2025, the largest theft from a single individual amounted to $100 million. Tom Robinson, chief scientist at blockchain analytics firm Elliptic, warned, “Crimes against individuals are less likely to be publicly disclosed, meaning the real scale of North Korean cyber theft could be far greater. Since attribution formulas are not definitive, many unreported thefts may also trace back to Pyongyang.”

Hacking Profits Nearly Half of North Korea’s GDP

North Korea’s obsession with cyber theft is driven by the need to sustain the regime’s revenue streams, much of which is funneled into illegal WMD and missile development programs. With economic sanctions effectively choking off legal access to foreign exchange, Pyongyang has, over the past decade, trained some 7,000 elite cyber operatives to carry out sophisticated hacks.

In the early 2000s, North Korea’s cyberattacks targeted broadcasters, banks, and government institutions to create social disruption. It later shifted to online games, selling stolen virtual items for profit. However, as the profitability of game hacks declined, the regime turned its attention to cryptocurrencies. Until 2022, most hacks involved social engineering techniques such as phishing and smishing, designed to trick victims into installing malware—tactics resembling its early online gaming exploits. The relatively weak security posture of many crypto firms made them an ideal target.

By late 2023, North Korea had begun focusing on MetaMask, one of the world’s most widely used crypto wallets, exploiting undisclosed vulnerabilities in the Google Chrome browser to breach user accounts. It also employed advanced phishing methods, sending spoofed emails mimicking exchanges like Bithumb to cryptocurrency foundations, tricking them into opening compromised files. Some foundations later saw their wallets hacked and tokens delisted following security warnings from exchanges.

According to Elliptic, the cumulative value of digital assets stolen by North Korea now exceeds $6 billion—equivalent to nearly half of the country’s gross domestic product. The United Nations estimates North Korea’s GDP in 2024 at roughly $13.06 billion.
