North Korea doesn’t allow its citizens to own cryptocurrency. That’s the official line. But while ordinary North Koreans are locked out of the digital economy, the regime has turned crypto into its most powerful weapon abroad - stealing over $2.17 billion in 2025 alone. That’s more than the entire previous year, and it’s all going to fund nuclear missiles, not Bitcoin portfolios.
The ByBit Hack: A New Benchmark in Crypto Theft
On February 21, 2025, the world’s largest cryptocurrency exchange hack happened - not in a shadowy basement in Eastern Europe, but orchestrated by a state-run cyber unit in Pyongyang. The target: ByBit. The result: $1.5 billion stolen. That’s not just a record. It’s a turning point. What made this attack different wasn’t just the size. It was how they did it. ByBit used "cold" wallets - hardware devices stored offline, disconnected from the internet, considered nearly unhackable. Yet North Korean hackers breached them. How? They didn’t crack the code. They cracked the people. The FBI labeled the operation "TraderTraitor." Their investigation showed that insiders - employees at crypto firms, often unaware they were working for North Korea - were recruited through fake job postings. These workers, posing as developers in the U.S., Canada, or Germany, were actually operating remotely from Pyongyang. Once inside, they installed backdoors, stole credentials, and moved funds before anyone noticed. The stolen assets were instantly broken into thousands of wallet addresses across Ethereum, Bitcoin, and other blockchains. Blockchain analysts now track these addresses. Some are still active. Others have been laundered through bridges and decentralized exchanges. The money isn’t sitting still. It’s being converted, moved, and hidden.
How North Korea Turns Hackers Into Cash Machines
This isn’t just about one big heist. It’s a full-scale industrial operation. The North Korean regime runs a global workforce of 5,000 to 8,000 IT workers, disguised as freelancers or remote employees. They’re sent to China, Russia, Southeast Asia, and even Africa under fake identities. They get paid in cryptocurrency - not bank transfers, because those leave a paper trail. They work for Western tech companies, building apps, managing servers, writing code - all while funneling money back to the state. The United Nations estimates this scheme brings in $600 million a year. That’s not a side hustle. That’s a national revenue stream. And it’s legal in the countries where these workers are based - because no one knows who they really are. Meanwhile, North Korea’s hacking teams focus on exchanges, DeFi protocols, and crypto bridges. They don’t need to be the best coders. They just need to be smarter than the security teams. And they are.
The Cambodia Connection: Laundering Crypto in Plain Sight
Money doesn’t stay on the blockchain forever. It needs to become cash. That’s where Cambodia comes in. In 2025, the U.S. Treasury’s FinCEN flagged the Huione Group - a Cambodian company with ties to North Korea - as a major money laundering hub. Huione Guarantee and Huione Crypto were used to convert stolen crypto into stablecoins that can’t be frozen. These stablecoins then flowed into casinos, real estate deals, and luxury goods markets across Southeast Asia. Huione didn’t just move money. They made it look clean. Their network includes shell companies, fake invoices, and front businesses that accept crypto payments for services that don’t exist. The result? Millions of dollars in stolen assets now appear as "legitimate" income in global financial systems. This isn’t an accident. It’s a strategy. North Korea picked Cambodia because it has weak oversight, a booming gambling industry, and no extradition treaties with the U.S. or EU. It’s the perfect sandbox for laundering.
How the U.S. Is Fighting Back - And Why It’s Not Enough
The U.S. government didn’t sit idle. In March 2025, the Treasury’s OFAC sanctioned the Korea Sobaeksu Trading Company and three key individuals tied to the hacking operations. The Department of Justice unsealed indictments against seven North Korean nationals. The State Department offered rewards up to $7 million for information leading to arrests. The FBI started warning exchanges, wallet providers, and blockchain analytics firms: block transactions tied to known TraderTraitor addresses. Some did. Others didn’t - because tracking crypto is hard, and compliance costs money. Senators Elizabeth Warren and Jack Reed demanded answers. "Why are we still letting North Korea steal billions?" they asked. The answer? Because the system is broken. Most crypto exchanges still use outdated security tools. Many don’t monitor for unusual wallet activity. Some don’t even know who their users are. And even when they do, there’s no global database of known bad actors - just scattered alerts from the FBI and Treasury. The cost of stopping one major hack like ByBit? Experts say it would take $50 million in better security, AI monitoring, and staff training. Most exchanges spend $5 million. The math doesn’t add up.
Why the Crypto Ban Doesn’t Matter - And What It Really Means
North Korea bans crypto for its people. That’s not about protecting citizens. It’s about control. If citizens could trade crypto, they could bypass state surveillance. They could send money out of the country. They could access information from the outside world. But for the regime? Crypto is the perfect tool. It’s borderless. It’s anonymous. It’s untraceable - unless you’re looking hard enough. And North Korea is looking harder than anyone. The ban isn’t about ethics. It’s about asymmetry. While its own people starve under sanctions, the regime uses stolen crypto to buy missile parts, fuel, and high-tech components from black-market suppliers in China and Russia. The money doesn’t go through banks. It doesn’t get flagged. It just moves - from hacker to wallet to casino to luxury car dealership.
What Comes Next
The attacks aren’t slowing down. In fact, they’re accelerating. North Korea’s cyber units are now training in AI-assisted phishing, deepfake voice scams, and automated wallet exploitation. They’re learning from each failure. And they’re getting better. The global crypto industry is still treating this like a criminal problem. It’s not. It’s a national security threat. One that’s funded by stolen digital cash and executed by state-backed hackers who operate with impunity. Without coordinated international action - real sanctions, real tracking, real consequences - this will only get worse. By 2027, experts predict North Korea could steal over $5 billion a year. That’s more than the entire GDP of some small nations. The crypto world thought it was immune to war. It was wrong. The war is here. And the battlefield is your wallet.
Why does North Korea ban crypto for its citizens but steal it from others?
North Korea bans crypto for its citizens to maintain total control over information and finances. If ordinary people could use crypto, they could bypass state surveillance, send money abroad, or access uncensored news. But for the regime, crypto is a weapon - a way to steal billions from global exchanges and launder it through third countries to fund its nuclear program without using traditional banks that can be sanctioned.
How did North Korea hack ByBit’s cold wallets?
They didn’t break the hardware. They broke the people. North Korean operatives infiltrated ByBit’s supply chain by posing as remote IT workers hired from abroad. Once inside, they gained access to internal systems, stole credentials, and manipulated security protocols to access the cold wallet keys. The attack relied on social engineering, not brute force - a pattern seen in nearly all major DPRK crypto heists.
What role does Cambodia play in North Korea’s crypto theft?
Cambodia has become a major laundering hub for North Korean crypto funds. The Huione Group, based in Cambodia, uses fake businesses, gambling operations, and untraceable stablecoins to convert stolen crypto into clean cash. U.S. regulators have identified Huione as a key link in the money trail, with executives directly tied to North Korean intelligence. The country’s weak financial oversight makes it ideal for hiding illicit funds.
Are North Korean hackers really working for Western companies?
Yes. Thousands of North Korean IT workers are employed remotely by U.S., European, and Asian tech firms under false identities. They use VPNs and fake resumes to appear as developers in the U.S. or Germany. They’re paid in crypto, which avoids banking scrutiny. Many companies don’t know they’re hiring state-sponsored hackers - until it’s too late.
Can crypto exchanges stop these attacks?
They can try - but most aren’t doing enough. Stopping these attacks requires AI-powered transaction monitoring, real-time wallet tracking, strict KYC for remote workers, and global sharing of threat data. But these tools are expensive. Many exchanges cut corners to save money. Until regulators force them to invest in real security, the attacks will keep succeeding.
What’s the U.S. doing to stop North Korea’s crypto theft?
The U.S. has sanctioned North Korean entities like Korea Sobaeksu Trading Company, indicted seven hackers, and offered up to $7 million in rewards for information. The FBI is working with exchanges to block known stolen addresses. But these are reactive measures. There’s no global system to prevent hackers from getting hired in the first place, and no way to stop money laundering in places like Cambodia. The response is fragmented - and too slow.
Is North Korea the biggest crypto threat in the world today?
Yes. In 2025, North Korea stole more crypto than all other cybercriminal groups combined. Their attacks are state-funded, highly coordinated, and aimed at national survival - not profit. Unlike ransomware gangs or DeFi scammers, they have unlimited resources, long-term planning, and no fear of jail. That makes them the most dangerous crypto threat on the planet.