- North Korean hackers took $2.1 billion in H1 2025.
- Bybit was the biggest hit, losing $1.5 billion.
- Severe impact on global crypto exchange security.
The substantial theft affects the cryptocurrency industry by questioning the security of digital assets. This highlights significant vulnerabilities in exchange and DeFi security, with immediate concerns for future cyber threats.
In H1 2025, North Korea’s Lazarus Group orchestrated crypto thefts totaling $2.1 billion, impacting global exchanges. TRM Labs attributed $1.5 billion to a Bybit hack. TRM Labs, through forensic tracking, has outlined the modus operandi of these hackers over the months.
Lazarus Group, a North Korean cyber syndicate, has heightened digital asset thefts, notably with a $1.5 billion theft from Bybit in February. Their actions primarily fund state weapons programs, raising concerns among global entities.
“North Korea-linked groups stole $1.6 billion, or 70 percent of H1 totals, as the regime leans on crypto theft to fund weapons programs.”
The crypto market experienced heightened fear and instability as North Korean hackers targeted exchanges and DeFi protocols. Security concerns surged, and industry participants scrutinized handling digital assets, with exchanges enacting tighter protections.
This theft demonstrates the persistent vulnerabilities within crypto security infrastructure. TRM Labs noted most exploits involved DeFi protocol weaknesses and pointed to urgency in fortifying tech defenses. Market participants anticipate stricter regulatory measures.
Long-term, the involvement of state-sponsored hacking adds complexity to international cyberspace governance. TRM Labs urges that improved monitoring systems and stronger regulatory frameworks are crucial to guard against future breaches and protect investors.
