CYFIRMA links the weakening of UN sanctions monitoring after the April 2024 termination of the DPRK Panel of Experts to continued North Korean cyber-enabled sanctions evasion. The report says North Korean actors stole about $1.34 billion across 47 cryptocurrency incidents in 2024 and were responsible for roughly $1.5 billion of more than $2 billion stolen in the first half of 2025. It highlights Lazarus/APT38, Andariel/APT45, and Kimsuky/APT43 activity across crypto theft, laundering, defense-technology collection, IT-worker infiltration, and possible ransomware collaboration. Case studies include the FBI-attributed TraderTraitor theft from Bybit, the DMM Bitcoin exploit, the WazirX breach, the KnowBe4 fake-worker incident, and Jumpy Pisces access that preceded Play ransomware activity, showing DPRK operations blending financial theft, espionage, insider access, and laundering through cross-chain transfers.