CertiK: North Korea has become a $6.75B problem for the crypto industry

CertiK reports North Korean hackers have stolen $6.75 billion in crypto since 2016 across 263 incidents, with 2025 losses hitting $2.06 billion despite accounting for just 12% of total breach attempts. The Lazarus Group and its affiliates, like TraderTraitor, are exploiting social engineering, supply chain flaws, and DeFi vulnerabilities, with 2026 already seeing $620.9 million in losses from high-profile breaches like Drift Protocol and KelpDAO.

Blockchain security firm CertiK has revealed that North Korean state-sponsored hackers have siphoned $6.75 billion in cryptocurrency since 2016, targeting 263 projects through sophisticated tactics. The report, published May 12, highlights a growing threat: despite representing only 12% of total crypto theft incidents in 2025, North Korean actors were responsible for 60% of the stolen value, totaling $2.06 billion out of $3.4 billion in losses. This year, they've already accounted for 55% of 2026's losses, with $620.9 million stolen in just two major breaches, Drift Protocol ($285 million) and KelpDAO ($292 million), both linked to the Lazarus Group's TraderTraitor operation.

Most attacks sidestep technical vulnerabilities and instead manipulate individuals, through fake job offers, impersonation of venture capitalists, or infiltration of development teams under false identities. CertiK's analysis found that North Korean operatives exploited Drift's multisig system through in-person meetings and Solana's nonce feature, draining funds in 12 minutes. Similarly, the $1.5 billion Bybit hack in February 2025 targeted third-party infrastructure rather than smart contracts, demonstrating the group's ability to compromise even institutional-grade security. The FBI attributed that attack to TraderTraitor, a Lazarus Group affiliate.

The KelpDAO breach followed a different approach: attackers exploited a design flaw in a LayerZero bridge, stealing funds despite Arbitrum freezing $75 million of the stolen assets. Researchers like ZachXBT have traced $16.58 million in direct crypto payments to North Korean IT workers posing as developers between January and July 2025, further illustrating the group's deep infiltration tactics.

CertiK and TRM Labs warn that the threat is escalating, with North Korean hackers refining their methods to maximize payouts while reducing the number of attacks. The industry's defenses are struggling to keep pace, as social engineering and supply chain compromises remain effective against even well-funded projects. The firms urge crypto platforms to adopt stricter verification protocols and monitor for unusual behavior, such as unauthorized access requests or suspicious developer activity.

This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.