The DPRK’s Violation and Evasion of UN Sanctions through Cyber and Information Technology Worker Activities

2025-11-25 SlowMist

https://slowmist.medium.com/explanation-msmt-the-dprks-violation-and-evasion-of-un-sanctions-via-cyber-and-it-worker-e2a674d3a2c5

MSMT’s findings, summarized by SlowMist, state that the DPRK used cyber operations, cryptocurrency theft, overseas IT workers, front companies, and intermediaries to evade UN sanctions and raise funds for weapons programs. The excerpt says DPRK-linked cryptocurrency theft reached at least USD 1.19 billion in 2024 and USD 1.645 billion from January to September 2025, including TraderTraitor activity against Bybit, DMM Bitcoin, and WazirX. It describes multiple DPRK-linked clusters and workers using social engineering, fake recruitment, malicious NPM packages, cryptocurrency software, supply chain intrusions, and malware such as BeaverTail and InvisibleFerret to target cryptocurrency firms and workers. The report matters for defenders because it connects revenue generation, espionage, IT-worker fraud, and laundering infrastructure into a state-level sanctions-evasion ecosystem.

Indicators of Compromise

Type    Value                      First Seen  Last Seen
DOMAIN  thispersondoesntexist.com  2025-11-25  2025-11-25
