2025-Blockchain-Security-and-AML-Annual-ReportEN.pdf (26 MB)

SlowMist’s 2025 blockchain security and AML review describes a more professionalized crypto threat landscape in which North Korea-linked hackers are frequently active alongside criminal networks. The excerpt identifies information-stealing malware, private-key hijacking, and social-engineering phishing as primary attack methods, while DeFi permission failures, meme-token issuance, RaaS, and MaaS contribute to broader loss and fraud patterns. Across 200 tracked blockchain security incidents, losses reached about $2.935 billion, with exchanges accounting for the largest losses and a single Bybit incident representing roughly $1.46 billion. The report highlights evolving phishing patterns such as ClickFix attacks, Solana owner-permission tampering, EIP-7702 authorization abuse, and Fake Safeguard scams, as well as fake job interviews, counterfeit security-expert guidance, hardware-wallet impersonation, supply-chain poisoning, malicious browser extensions, and AI-enabled fraud. For DPRK-focused monitoring, the key supported point is that North Korea-linked activity remains part of the crypto-theft ecosystem where social engineering, malware, private-key theft, and laundering infrastructure converge.