TRM Labs assessed that North Korea-linked hackers stole at least USD 600 million in cryptocurrency in 2023, with late-year activity potentially raising the total to about USD 700 million if confirmed. The report says DPRK-linked operations accounted for almost one third of all stolen crypto funds that year, and that North Korea-linked hacks were on average ten times more damaging than non-DPRK incidents. The main attack pattern described is compromise of private keys and seed phrases, followed by transfers into wallets controlled by North Korean operatives and conversion through USDT or Tron into hard currency via high-volume OTC brokers. Laundering infrastructure shifted as Tornado Cash and ChipMixer faced sanctions and enforcement pressure, with North Korea moving to Sinbad before OFAC sanctioned it in November 2023 and then continuing to explore other tools. The scale of nearly USD 1.5 billion stolen over two years highlights why DPRK crypto theft remains a major sanctions-evasion and cyber-finance threat.