In a saga that reads like a cyber-thriller but carries very real global consequences, North Korea has allegedly orchestrated an unprecedented spree of cryptocurrency heists, siphoning billions of dollars from digital asset platforms across the globe. According to a damning report released on October 22, 2025, by the Multilateral Sanctions Monitoring Team (MSMT)—a coalition of 11 countries including South Korea, the United States, and Japan—the reclusive regime stole approximately $2.84 billion worth of virtual assets between early 2024 and September 2025 alone. The MSMT, established in October 2024 after the United Nations Panel of Experts was dissolved due to a Russian veto, has stepped in as the international community’s eyes and ears on North Korea’s sanctions evasion tactics.
The report’s findings are as staggering as they are alarming. North Korea’s cyber units, primarily run by the Workers’ Party’s Munitions Industry Department, the military’s Reconnaissance General Bureau, and the Ministry of Atomic Energy Industry, have targeted crypto exchanges in the Middle East and Asia, including Bybit in the United Arab Emirates, DMM Bitcoin in Japan, WazirX in India, and BingX and Phemex in Singapore. The single biggest heist, a jaw-dropping $1.46 billion theft from Dubai-based Bybit in February 2025, now stands as the largest crypto theft in history, sending shockwaves through the global financial and cybersecurity communities, as reported by BreakingCrypto.io.
These cyberattacks are not isolated incidents. Since 2017, North Korea’s cumulative crypto thefts have surpassed $6 billion, with the 2025 total alone exceeding $2 billion. The MSMT report estimates that around 2,000 North Korean IT workers, many stationed in at least eight countries—including China, Russia, Laos, and Cambodia—have been mobilized for these operations. These workers, often affiliated with government entities already sanctioned under United Nations Security Council (UNSC) resolutions, remit about half their earnings back to Pyongyang, directly supporting Kim Jong-un’s regime and its illicit weapons programs.
How did North Korea manage to launder such vast sums? The answer, according to MSMT and Korea JoongAng Daily, lies in a complex web of overseas financial platforms and brokers. Chief among them is Huione Pay, a Cambodian financial service that has already been sanctioned by the United States for money laundering tied to human trafficking and detentions associated with Cambodia’s Prince Holding Group. North Korean intelligence officials have reportedly maintained close ties with Huione Pay employees since at least 2022, enabling the laundering of tens of millions of dollars—including $37.6 million stolen from Japan’s DMM Bitcoin exchange in May 2024 and $600 million from the Vietnamese gaming company Axie Infinity in 2022.
Despite Cambodia’s central bank revoking Huione Pay’s license, the platform continues to operate, according to the MSMT report. China’s UnionPay system has also been identified as a key conduit for converting laundered cryptocurrency into cash, with laundering networks stretching into Russia, Hong Kong, and Cambodia. The report asserts that China’s financial systems and nationals are deeply involved in these schemes, which are used as payment tools for North Korea’s weapons transactions and to secure natural resources—such as gold and copper—explicitly banned under UNSC resolutions.
North Korea’s cyber units have become increasingly sophisticated, employing tactics like impersonating investors or recruiters to trick targets into downloading malware, staging fake job interviews to gain remote employment, and selling stolen data in coordination with Russian ransomware groups. The MSMT noted that North Korean hackers are now leveraging artificial intelligence tools, including ChatGPT and DeepSeek, to enhance their operations. “It illustrates the DPRK’s ongoing exploitation of foreign governments, private businesses and the public to steal and fraudulently obtain billions of dollars for its unlawful weapons of mass destruction and ballistic missile programs,” a joint statement by MSMT participating countries declared, as cited by Yonhap News Agency.
The impact of these cyber heists on the cryptocurrency market has been profound. As BreakingCrypto.io reports, the Bybit theft and similar incidents have injected a persistent undercurrent of anxiety into the digital asset ecosystem. While major cryptocurrencies like Bitcoin and Ethereum have not always experienced immediate price crashes following such hacks, the cumulative effect is a noticeable erosion of investor confidence and increased market volatility. After major breaches, exchanges often see a surge in withdrawal requests as users move funds to self-custodied wallets, and trading volumes can become erratic as participants reassess risk. The specter of further attacks, coupled with the geopolitical implications of stolen crypto funding sanctioned regimes, has heightened calls for stricter regulatory oversight and robust security measures across the industry.
The crypto community’s response has been a mix of outrage, vigilance, and collective action. Blockchain analytics firms such as Chainalysis, Elliptic, and TRM Labs have stepped up efforts to trace and freeze stolen funds, working closely with law enforcement agencies. According to BreakingCrypto.io, Bybit even offered bounties to “crypto sleuths” in the wake of the record-breaking heist, reflecting a growing trend toward community-driven security solutions. Influencers and industry leaders have doubled down on the importance of multi-factor authentication, smart contract audits, and transparent operational practices, while advocating for greater adoption of self-custody solutions.
Internationally, the MSMT’s joint statement on October 22, 2025, reaffirmed the group’s commitment to implementing UNSC sanctions against North Korea and urged Pyongyang to engage in meaningful diplomacy. The coalition also called for the restoration of the UN Panel of Experts on North Korea sanctions, which was dissolved in April 2024 due to a Russian veto, arguing that a robust monitoring mechanism is essential for countering ongoing threats. “We urge the Security Council to reestablish the Panel of Experts in the same strength and structure it had prior to its disbandment,” the statement read.
Looking forward, the threat posed by North Korea’s state-sponsored crypto heists underscores the urgent need for enhanced international cooperation. Regulatory bodies in the United States, South Korea, and beyond are expected to intensify crackdowns on crypto mixers and other money-laundering tools, while exchanges and DeFi platforms face mounting pressure to bolster cybersecurity protocols. The MSMT report calls on all UN member states to join efforts to maintain peace and security in the face of ongoing threats from Pyongyang and its facilitators.
For crypto investors and industry players, these developments serve as a stark reminder: the battle for the integrity and legitimacy of the digital economy is far from over. As the cat-and-mouse game between hackers and security experts evolves, only a united and vigilant global response will ensure a safer future for digital assets.