Total losses from crypto-related hacks by North Korean state-sponsored criminals are nearing $3 billion in less than two years, a new report has shown, stressing that these funds comprise a significant share of the country’s economy.
In a 138-page report on how the Democratic People’s Republic of Korea (DPRK) is evading sanctions via cybercrimes, the Multilateral Sanctions Monitoring Team (MSMT), an international mechanism to report sanctions evasions, calculated that from January 2024 to September 2025, North Koreans stole $2.84 billion in crypto assets.
What’s more, according to the MSMT, these heists accounted for approximately one-third of the DPRK’s total foreign currency revenue in 2024 (using the value of the stolen crypto assets at the time of theft and not accounting for any losses during laundering).
However, this share was smaller than in 2023, as the DPRK increased its revenues from weapons sales and doing business with another sanctioned state, Russia.
The report also emphasized that North Korean hackers from groups such as TraderTraitor, CryptoCore, and Citrine Sleet demonstrated "patience, effective social engineering, and a strong understanding of software supply chains to impact numerous victims," as they were mostly targeting third-party providers rather than the crypto exchanges themselves.
Per the MSMT’s calculations, TraderTraitor, also known as Jade Sleet or UNC4899, was responsible for the biggest share of all thefts, managing to steal around $2.58 billion in crypto assets from January 2024.
Meanwhile, an unusual case occurred with Munchables, a Web3 project that lost $63 million to a hack, as DPRK IT workers ultimately returned the funds due to operational impediments they faced during the laundering process.
The report also revealed that criminals from the DPRK have engaged with foreign cybercriminals since the 2010s, especially Russian-speaking ones.
"Since at least February 2025, DPRK actors associated with Moonstone Sleet leased ransomware capabilities from a non-state, Russia-based cybercrime group named Qilin (also known as Agenda) that leases its encryption tool via a 'ransomware-as-a-service' (RaaS) model to affiliates external to the Qilin group," the MSMT said.
In a joint statement, the governments of the US, Australia, Canada, France, Germany, Italy, Japan, the Netherlands, New Zealand, the Republic of Korea, and the UK urged all UN member states to raise awareness about the DPRK’s malicious cyber activities and hold responsible parties accountable for United Nations Security Council Resolution (UNSCR) violations.
"Considering the continued violations and evasions of relevant UNSCRs, we urge the Security Council to reestablish the Panel of Experts in the same strength and structure it had prior to its disbandment," the governments said, also urging "the DPRK to engage in meaningful diplomacy."
Your email address will not be published. Required fields are markedmarked