BrokerHiveX

North Korean hackers escalate crypto attacks | Over $2 billion stolen by 2025, funds flowed to major exchanges


Summary: By 2025, a North Korean state hacker group had stolen over $2 billion in crypto assets, targeting major exchanges, bridge protocols, and wallets. This article analyzes their fund flows, typical cases, coin mixing techniques, and the global regulatory response.


1. Nation-state attacks enter a new phase: Over $2 billion stolen

In 2025, the global crypto security sector faced unprecedented geopolitical risk. According to a joint report by Elliptic and Chainalysis, North Korean hacker groups (primarily the Lazarus Group) had stolen over $2 billion in digital assets through attacks on exchanges, DeFi protocols, cross-chain bridges, and wallets by the end of September, setting a new record.

📉 Compared with the same period in 2024, the scale of attacks has surged by about 67%, and the targets have expanded from traditional exchanges to Layer 2, NFT markets and stablecoin protocols.


2. Evolution of Attack Targets and Methods: From Exchanges to Cross-Chain Bridges

The attack logic of North Korean hackers has changed significantly:

| Target of attack | Proportion (2025) | Features |
|---|---|---|
| Cross-chain bridges | 41% | Asset concentration and weak contract protections allow for theft of hundreds of millions of dollars in a single transaction |
| Centralized exchanges (CEX) | 24% | Penetration through employee social engineering attacks, phishing emails, etc. |
| DeFi lending protocols | 18% | Exploiting unaudited contracts and flash loan attacks |
| Wallet/DApp users | 17% | Emerging methods such as social engineering and AI fake customer service |

📍 Strategy evolution:

  • 2022–2023: Focus on attacks on centralized exchanges

  • 2024–2025: Gradual shift to cross-chain bridges and smart contract vulnerabilities

  • Second half of 2025: Combining AI social engineering and intelligent attacks to achieve "multi-point breakthroughs"


3. Capital Flows Revealed: Coin Mixers and Small Exchanges Become a Hotbed for Money Laundering

According to Elliptic ChainTracer's tracking data, approximately 72% of the stolen assets have been transferred through multiple layers of mixers and exchanges:

| Fund flow channel | Proportion | Function |
|---|---|---|
| Tornado Cash / Railgun mixers | 37% | Concealing the source of funds and transaction paths |
| Decentralized cross-chain bridges (such as Multichain and Orbit) | 21% | Transferring assets across chains to avoid on-chain tracking |
| Small and medium-sized exchanges (CEX) | 25% | Exploiting weak KYC/AML to launder into fiat currency |
| NFT platforms / OTC | 9% | Disguising laundering as NFT transactions |

🔎 Analysis shows that the exchanges most commonly used by North Korean hackers as exit points include:

  • MEXC (multiple hacker fund inflows)

  • HTX (formerly Huobi)

  • KuCoin

  • Gate.io

  • OKX (small accounts)

These platforms usually have low KYC thresholds or have "face recognition agent" vulnerabilities, allowing hackers to launder funds with little difficulty.


4. Typical Case Review: Overview of Hundred-Million-Dollar Attacks

| Date | Case | Amount stolen | Attack method | Destination of funds |
|---|---|---|---|---|
| 2022/03 | Ronin Bridge attack | $620M | Private key theft + multi-signature control | MEXC / Tornado Cash |
| 2023/06 | Atomic Wallet hack | $100M | Phishing email + authorization hijacking | KuCoin / Railgun |
| 2024/01 | Harmony Bridge attack | $100M | Smart contract vulnerabilities | HTX / Tornado Cash |
| 2025/05 | Poly Network breach | $210M | Contract parameter tampering | Gate.io / OTC trading |
| 2025/08 | Orbit Bridge attack | $310M | Multi-chain signature bypass | OKX / Tornado Cash |

📊 Trend analysis:

  • Attack sizes keep growing, with single thefts often exceeding $200 million;

  • Hackers prefer targets with concentrated assets and complex contracts;

  • Most stolen funds were mixed and transferred within 48 hours.


5. International Regulatory Response: From Sanctions to “On-Chain Countermeasures”

Global regulators are no longer just issuing statements on North Korea's crypto attacks, but are now entering a phase of on-chain countermeasures and judicial freezes:

  • 🇺🇸 US OFAC: Multiple Lazarus-related wallet addresses have been added to the sanctions list;

  • 🇪🇺 EU Financial Intelligence Unit: requires exchanges to report suspicious flows in real time;

  • 🇰🇷 South Korean police: Jointly established a multinational "on-chain intelligence team" with the FBI and Interpol to track money laundering activities.

📌 In July 2025, the U.S. Treasury Department froze an Ethereum address involving $270 million in stolen assets for the first time, showing that on-chain justice has become a reality.


6. Investor Risk Warning: Five Signs for Identifying a Nation-Level Attack

| Risk signal | Description |
|---|---|
| 🛑 High-value single attack ($100M+) | The scale of funding for state-level attacks far exceeds that of ordinary hackers |
| 🧠 Social engineering + technical combination | Attack methods often combine phishing, Trojans, and vulnerability exploits |
| 🧬 Multi-layer transfer chain | Funds flow through multiple chains, mixers, and exchanges |
| 🌍 Involving sanctioned wallets | Associated addresses can often be found in OFAC and Chainalysis alerts |
| 🪙 Targeting infrastructure | The focus of the attack is cross-chain bridges, lending platforms, and Layer 2 rather than retail wallets |
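
The "multi-layer transfer chain" and "sanctioned wallets" signals, together with the 48-hour window noted in the trend analysis, can be checked mechanically by a platform monitoring its own deposit addresses. The sketch below is an added example, not code from the report or from any analytics vendor; all addresses, amounts and the `trace_exposure` / `flag_deposits` names are constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample data: placeholder labels, not real addresses.
SANCTIONED = {"addr_sanctioned_1"}   # stand-in for a sanctions-list address set
MIXERS = {"addr_mixer_pool"}         # stand-in for known mixer contracts
DEPOSITS = {"addr_exchange_deposit_1", "addr_exchange_deposit_2"}
T0 = datetime(2025, 1, 1)
H = lambda n: T0 + timedelta(hours=n)
# (sender, receiver, amount_usd, timestamp)
TRANSFERS = [
    ("addr_sanctioned_1", "addr_hop_a", 5_000_000, H(0)),
    ("addr_hop_a", "addr_mixer_pool", 5_000_000, H(3)),
    ("addr_mixer_pool", "addr_hop_b", 4_900_000, H(20)),
    ("addr_hop_b", "addr_exchange_deposit_1", 4_900_000, H(30)),
    ("addr_hop_a", "addr_slow", 100_000, H(90)),            # outside the 48h window
    ("addr_clean_user", "addr_exchange_deposit_2", 1_000, H(5)),
]

def trace_exposure(transfers, sources, max_hops=4, window=timedelta(hours=48)):
    """Breadth-first trace of funds leaving `sources`.

    Follows only transfers sent after the funds arrived and within `window`
    of the first outgoing transfer. Anything leaving a mixer after a tainted
    deposit is treated as exposed (a conservative assumption).
    """
    by_sender = {}
    for sender, recv, amount, ts in sorted(transfers, key=lambda t: t[3]):
        by_sender.setdefault(sender, []).append((recv, amount, ts))
    reached = {}
    queue = deque((src, 0, None, None, [src]) for src in sources)
    while queue:
        addr, hops, arrived, start, path = queue.popleft()
        if hops == max_hops:
            continue
        for recv, amount, ts in by_sender.get(addr, []):
            begin = start or ts
            if (arrived and ts < arrived) or ts - begin > window:
                continue
            if recv in reached or recv in sources:
                continue  # keep the fewest-hop path already recorded
            new_path = path + [recv]
            reached[recv] = {"hops": hops + 1, "path": new_path, "amount_usd": amount,
                             "via_mixer": any(p in MIXERS for p in new_path)}
            queue.append((recv, hops + 1, ts, begin, new_path))
    return reached

def flag_deposits(transfers, sources, deposits, **kw):
    """Return exposure records for watched deposit addresses only."""
    return {a: r for a, r in trace_exposure(transfers, sources, **kw).items() if a in deposits}
```

Calling `flag_deposits(TRANSFERS, SANCTIONED, DEPOSITS)` returns the one deposit address that sits four hops downstream of the sanctioned source with a mixer on the path; the hop limit and window are tunable assumptions, not values any regulator prescribes.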

📊 Conclusion: Nation-level hackers have become a new variable in global financial security

The attacks by North Korean hackers such as the "Lazarus Group" are no longer just cybersecurity incidents, but part of financial security, international politics and even national security.
They have built a large-scale, systematic crypto-financial crime industry chain through on-chain vulnerabilities, social engineering attacks and currency mixing technology.

In the future, as geopolitical tensions escalate, similar attacks will only become more frequent and covert. For investors and platforms, the only way to respond is to:
✅ Strengthen security audits ✅ Improve risk control awareness ✅ Real-time monitoring of abnormal flows on the chain


⚠️Risk Warning and Disclaimer

BrokerHivex is a financial media platform that displays information from the public internet or user-uploaded content. BrokerHivex does not support any trading platform or instrument. We are not responsible for any trading disputes or losses arising from the use of this information. Please note that the information displayed on the platform may be delayed, and users should independently verify its accuracy.
