Chainalysis reports that North Korean hackers stole at least $2.02 billion in cryptocurrency in 2025, a 51% year-over-year increase that raised the DPRK’s lower-bound cumulative crypto theft total to $6.75 billion. The body explains that fewer confirmed DPRK incidents produced larger returns, driven in part by high-impact service compromises such as Bybit and by privileged access gained through IT-worker infiltration of exchanges, custodians, and web3 firms. It also describes evolving social engineering in which DPRK-linked operators impersonate recruiters, investors, or acquirers to harvest credentials, source code, VPN access, and SSO access from current employers. Laundering analysis shows DPRK actors favor smaller tranches, Chinese-language money movement and guarantee services, cross-chain bridges, mixers, and specialized services such as Huione, with major thefts following a roughly 45-day multi-wave laundering cycle.