Cryptocurrency thefts crept up this year amid a rise in hacks from North Korea.
That’s according to findings released Thursday (Dec. 18) by blockchain data platform Chainalysis, showing that the crypto industry saw more than $3.4 billion theft from January of this year through the early part of September.
Nearly half of that total — $1.5 billion — came from a single incident, the historic February compromise of the Bybit crypto exchange.
“The cryptocurrency ecosystem faced another challenging year in 2025, with stolen funds continuing their upward trajectory,” the company said, previewing its annual crypto crime report.
“Our analysis reveals a shift in crypto theft patterns, characterized by four key developments: the persistence of the Democratic People’s Republic of Korea (DPRK) as a primary threat actor, the growing severity of individual attacks on centralized services, a surge in personal wallet compromises, and an unexpected divergence in decentralized finance (DeFi) hack trends,” the report added.
The report found that North Korean hackers stole $2.02 billion in cryptocurrency in 2025, a 51% increase since last year, bringing their all-time total to $6.75 billion despite fewer attacks.
Advertisement: Scroll to Continue
The DPRK is carrying out larger thefts with fewer incidents, in many cases by embedding IT workers inside crypto services or “using sophisticated impersonation tactics targeting executives,” Chainalysis added.
The findings show that the top three hacks accounted for 69% of the losses, with outliers reaching 1,000 times the median. This has always been the case, the company said, with most hacks more or less small, and some gigantic.
“But 2025 reveals a striking escalation: the ratio between the largest hack and median of all incidents has crossed the 1,000x threshold for the first time,” the company added. “Funds stolen in the largest attacks are now 1,000 times larger than those stolen in the typical incident, surpassing even the 2021 bull market peak.”
Last month, Chainalysis’ CEO Jonathan Levin issued a warning against critical security weaknesses in the decentralized (DeFi) finance space.
In an interview with the Financial Times, Levin said the rapid growth of these cryptocurrency platforms, operating on blockchains and without intermediaries such as banks, had left their customers’ assets open to attack.
A company that is “building a protocol in your mum’s basement,” may not have a chief security officer “from GCHQ,” Levin said, in reference to the Government Communications Headquarters, the U.K. intelligence and security organization.
“Everyone in on-chain finance is just focused on [increasing value in the sector], rather than the security that’s actually locked on these platforms,” he added.
