Overview
- CertiK says DPRK-linked groups stole about $2.06 billion of the $3.4 billion taken in 2025, capturing most losses from only 79 of 656 incidents.
- The firm also reports $620.9 million more taken so far in 2026, led by a $291 million exploit targeting KelpDAO.
- Investigators describe a move from pure code exploits to social engineering and insider placement, with operatives hired as staff or contractors to reach internal keys and systems.
- Laundering now unfolds at speed, as seen when 86% of ETH from the Bybit hack was converted to bitcoin within a month using mixers and exchanges.
- A Crystal Intelligence assessment on South Korea links Lazarus to six of nine major exchange breaches since 2017 and traces $6.4 billion through the Hwanchigi network that converts funds offshore before cashing out in won.