North Korea and the Industrialization of Cryptocurrency Theft

2025-12-18 Trmlabs

https://www.trmlabs.com/resources/blog/north-korea-and-the-industrialization-of-cryptocurrency-theft

TRM assesses that North Korea was linked to well over half of the more than USD 2.7 billion stolen in 2025 crypto hacks, making it the dominant high-value attacker in the crypto theft ecosystem. The report describes a shift from bridge-focused theft toward centralized exchanges, custodians, hot wallets, wallet signers, and software development pipelines, with social engineering through fake recruiters, LinkedIn credential theft, and developer compromise as common entry points. TRM attributes multiple large incidents from 2023 onward to North Korea, including Atomic Wallet, CoinsPaid, Alphapo, Stake.com, CoinEx, and later exchange mega-heists, while highlighting the February 2025 Bybit exploit as a roughly USD 1.5 billion loss. Laundering has also industrialized, with stolen assets fractured across chains and services before being handled by Chinese OTC brokers, underground bankers, nested exchanges, and PMLOs that settle through CNY, goods, mirror payments, or front-company channels.

Indicators of Compromise

Type   | Value     | First Seen | Last Seen
DOMAIN | stake.com | 2023-09-05 | 2025-12-31
