North Korea's Alleged $2.17B Crypto Heists in 2025: Weapons Funding?
North Korea's Crypto Thefts: A 2025 Overview
In 2025, alleged North Korean cyber activity has intensified, raising concerns about the use of stolen cryptocurrency to fund weapons programs. Here's a breakdown of key events and their implications:
On August 7, 2025, the US Department of Justice convicted Tornado Cash co-founder Roman Storm for operating an unlicensed money transmission business. This verdict, seen as a crackdown on crypto mixing services, directly impacts the laundering networks used by hacker groups.
Weeks later, on August 26, the FBI confirmed that the Lazarus Group was behind the $1.5 billion Bybit hack—the largest theft in crypto history.
Escalation of Cybercrime
Key Events:
- May 2025: Taiwan’s BitoPro exchange lost approximately $11.5 million.
- June 2025: The DOJ filed a forfeiture action to seize $7.74 million linked to laundering schemes.
- June 2025: Four North Korean nationals were indicted in Georgia for infiltrating US firms as IT contractors, stealing nearly $900,000.
A TRM Labs report estimated that North Korea stole $1.6 billion in the first half of 2025, accounting for about 70 percent of global crypto crime. The Financial Action Task Force (FATF) warned that North Korea posed the most severe state-based threat to the integrity of crypto markets.
Hidden Tactics:
A Wired investigation revealed over 1,000 email accounts linked to North Korean IT workers employed remotely by Western companies. Salaries were moved into crypto wallets and then laundered through mixers and cross-chain swaps, providing Pyongyang with steady funding.
Implications and Policy Reactions
These incidents have shaken confidence in the crypto industry. European exchanges report higher compliance costs, while South Korea has expanded blockchain forensics. The FATF warning pushed several governments to tighten licensing frameworks.
Essential Facts:
- North Korea allegedly stole $1.6 billion in H1 2025 (TRM Labs).
- The Bybit hack alone cost $1.5 billion (FBI).
- UN monitors reported that cyber proceeds fund weapons programs.
The Bigger Picture
Between 2017 and 2022, UN panels estimated that Pyongyang, including the Lazarus Group, generated about $2 billion through cyber theft. By 2025, the shift from opportunistic hacks to systematic campaigns demonstrated the regime’s growing sophistication.
Officials warn that Pyongyang is testing decentralized finance (DeFi) and privacy coins, which could lead to new sanctions on mixers, custodial wallets, and liquidity pools.
Expert Opinions:
“Cybercriminal activities generate about half of North Korea’s foreign currency income and are used to fund its weapons programs.”
— UN sanctions report, June 2025
“These funds enable DPRK’s malign activities worldwide, undermining sanctions and fueling proliferation.”
— US Department of Justice
“The Lazarus Group’s strategy has evolved from opportunistic hacks to structured, state-backed funding operations, making them harder to disrupt.”
— TRM Labs analyst