CrowdStrike reports that DPRK-nexus actors drove a 51% year-over-year increase in digital asset theft in 2025, stealing a reported $2.02 billion across the financial sector. PRESSURE CHOLLIMA allegedly conducted the largest reported financial theft, taking $1.46 billion in cryptocurrency through trojanized software distributed via a supply chain compromise. GOLDEN CHOLLIMA used recruitment-themed lures to divert cryptocurrency funds and access cloud environments at fintech organizations in Southeast Asia and Canada. FAMOUS CHOLLIMA scaled operations with AI-generated identities against cryptocurrency exchanges, fintech platforms, and consumer banks, while STARDUST CHOLLIMA used AI-generated recruiter personas and synthetic video conferencing environments against fintechs in North America, Europe, and Asia. The findings matter for DPRK tracking because they tie large-scale financial theft to identity abuse, SaaS and cloud access, recruiter lures, and AI-enabled social engineering in financial environments.