Crypto: The fight against North Korean hackers intensifies worldwide

With 2.84 billion dollars stolen since early 2024, the Pyongyang regime perfects its hacking techniques and deploys thousands of clandestine IT workers. Facing this growing threat, Chainalysis experts observe encouraging signs: the response capacity of Western states and crypto companies is improving significantly.

The crypto cyber war between North Korea and the West accelerates

The Multilateral Sanctions Monitoring Team (MSMT) is sounding the alarm. In its latest report, it reveals the staggering scale of North Korean cybercriminal operations: nearly three billion dollars stolen in less than two years. The spectacular Bybit hack last February alone accounts for a significant portion of this colossal loot.

However, the most worrying aspect remains the evolution of Pyongyang’s strategy. Now, the regime no longer limits itself to sporadic cyberattacks. It has in fact implemented a true “full-spectrum national program,” now rivaling the cyber capabilities of China and Russia. This rise in power demonstrates an alarming professionalization of North Korean operations.

The offensive also involves a new weapon: infiltrated IT workers. In blatant violation of UN Security Council resolutions 2375 and 2397, the DPRK has deployed thousands of agents in eight different countries. 

These clandestine developers settle mainly in Asia – China, Laos, Cambodia – but also in Africa and even Russia. Their earnings are systematically diverted to the regime to finance its armament program.

This strategy proves horrendously effective. “The MSMT report details how these funds are used to acquire all sorts of equipment, from armored vehicles to portable anti-aircraft missile systems “, explains Andrew Fierman, head of intelligence at Chainalysis, in an interview with Decrypt.

A vicious circle is formed: stolen cryptos buy weapons that strengthen the North Korean threat.

The counter-offensive takes shape

Facing this multifaceted threat, Western actors are not standing idly by. Andrew Fierman notes “a capacity of law enforcement, national security agencies, and the private sector to identify associated risks and respond.” Concrete examples of this resistance are multiplying.

Last August, the US Office of Foreign Assets Control (OFAC) hit hard by sanctioning an entire network of IT workers linked to Pyongyang. This action marks a turning point: Washington no longer content itself with pursuing hackers but dismantles their logistical infrastructures. 

At the same time, dozens of millions of dollars from the Bybit hack have been traced and recovered, some funds leading back to a Greek exchange platform.

Crypto companies themselves are stepping up. Kraken developed protocols to detect North Korean IT workers as early as May 2025. 

Binance goes even further: its head of security reveals that the platform daily rejects CVs from North Korean agents attempting to infiltrate. This constant vigilance turns the crypto industry into the first line of defense.

The key to success lies in public-private collaboration. The MSMT report perfectly illustrates this synergy. It brings together contributions from Western governments and specialized companies such as Chainalysis, Google Cloud, or Palo Alto Networks. This approach combining blockchain intelligence and traditional cybersecurity makes it possible to identify and freeze stolen funds before laundering.

The battle between Pyongyang and the West in the crypto cyberspace intensifies, but the balance of power is evolving. While North Koreans perfect their techniques, defenses are strengthening just as quickly. The stakes go far beyond the simple protection of digital assets: it is about preventing cryptos from financing the next generation of North Korean weapons.