A new TRM Labs report says North Korea-linked hackers stole $643 million in the first half of the year, accounting for about two-thirds of global cryptocurrency losses.

A projection of cyber code on a hooded man is pictured in this illustration picture taken on May 13, 2017.

North Korea-linked hacking groups were responsible for about two-thirds of the value of cryptocurrency stolen worldwide in the first half of this year, according to a report by blockchain analytics firm TRM Labs published on Wednesday.

The report revealed that North Korea-linked hacking groups stole a total of $643 million in cryptocurrency during the first six months of the year, according to the report.

The figure accounted for 66.2 percent of the $972 million in cryptocurrency stolen globally over the same period.

TRM Labs attributed two major attacks to North Korea-linked hackers: a $285 million breach of decentralized finance (DeFi) platform Drift in April and a $292 million hack of another DeFi platform, KelpDAO.

Combined, the two attacks resulted in $577 million in stolen cryptocurrency.

The amount stolen by North Korea-linked hackers in the first half of the year was down from about $1.7 billion during the same period last year, according to the report.

“North Korea’s activity has not slowed,” the report said. “The difference is that the rest of the ecosystem experienced fewer large-scale thefts than in 2025.”

The report also emphasized that these figures include “only hacks and exploits.”


North Korean men and women use computer terminals at the Sci-Tech Complex in Pyongyang, North Korea.

North Korea continues to generate cryptocurrency through other illicit activity, including “phishing campaigns, social engineering, fraud, scams and covert IT worker operations,” the report said.

As a result, the reported $643 million likely represents only a portion of North Korea’s total cryptocurrency-related revenue.

Meanwhile, South Korea, the United States and Japan held the fifth Trilateral Diplomatic Working Group meeting on North Korea’s Cyber Threats in Washington on June 25 and 26.

A U.S. State Department spokesperson told Voice Of America in an article published on Friday that North Korea has increasingly turned to cybercrime to evade international sanctions and finance its illicit weapons of mass destruction and ballistic missile programs, adding that cryptocurrency theft and money laundering have become a significant part of that strategy.

BY JUNG SI-NAE [lee.jiwon10@joongang.co.kr]

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.



Source link