North Korea doesn’t need banks to move money. It doesn’t even need traditional smuggling routes. Instead, it uses blockchain technology - the same system that powers decentralized finance - to turn stolen digital coins into cash, weapons, and missiles. Since 2017, North Korean hackers have stolen over $3 billion in cryptocurrency, and by 2025, an estimated $2.1 billion of that had already been converted into usable fiat currency. This isn’t random hacking. It’s a state-run operation, carefully designed to bypass sanctions, evade detection, and fund a nuclear program that the rest of the world is trying to stop.
How the Theft Begins
The process starts with a digital break-in. North Korea’s most notorious hacking group, Lazarus, doesn’t rely on brute force. It uses phishing, fake job postings, and supply chain attacks to get inside exchanges, wallets, and crypto platforms. In 2023, they hacked Atomic Wallet by compromising a software update, stealing $100 million from over 4,000 users in one go. In February 2025, they pulled off the biggest heist in crypto history: $1.5 billion from Bybit, a major centralized exchange. These aren’t one-off events. They’re scheduled, rehearsed, and repeated.What makes these attacks so effective? They target human error, not just code. North Korean operatives pose as recruiters on LinkedIn, offering high-paying remote jobs in blockchain development. Once hired, they gain access to internal systems and quietly route funds out before anyone notices. The FBI estimates that 68% of all crypto thefts linked to North Korea start with this kind of insider access.
From Stolen Crypto to Clean Money
Stealing the coins is only half the battle. The real challenge? Turning them into cash you can spend on a missile factory.Early on, hackers just withdrew stolen ETH or BTC directly to exchanges. But as regulators caught on, North Korea adapted. Now, they use what experts call a “flood the zone” strategy. For every $10 million stolen, they execute 400 to 500 transactions in under 72 hours - moving money across Bitcoin, Ethereum, Solana, and Binance Smart Chain. Each hop makes it harder to trace. The goal isn’t to hide the money forever. It’s to make it look like it came from somewhere else.
They don’t use mixing services like Tornado Cash anymore - that was shut down in 2022. Instead, they use cross-chain bridges. These are tools designed to let users move crypto between blockchains. But they’re poorly regulated. Between 2021 and 2024, over $1.2 billion in North Korean-linked crypto passed through bridges like Ren Bridge and Avalanche Bridge. Once the funds are scattered across multiple chains, they get converted into Bitcoin. Why? Because BTC is the most liquid, most widely accepted crypto in the world. Over 82% of all stolen assets are ultimately funneled into Bitcoin before the final cash-out.
The Final Step: Turning Crypto Into Cash
This is where geography matters. North Korea doesn’t have its own banks. So it outsources the dirty work.Cambodia has become the main hub. The country’s financial oversight is weak, and its crypto scene is barely monitored. The U.S. Treasury has identified a company called Huione Group as a key player. Huione’s subsidiaries operate “crypto cafes” in Sihanoukville - small shops where people walk in with digital wallets and walk out with cash. No ID. No questions. Each cafe processes $500,000 to $2 million per month. As of March 2025, there were 14 of them operating openly.
China is still a secondary hub. Even though Beijing has cracked down on crypto, underground networks persist. In February 2024, the U.S. Department of Justice indicted two Chinese nationals for moving $250 million in North Korean crypto through 37 bank accounts. The money came in as crypto, got converted to yuan, and was funneled into real estate, luxury goods, and shell companies.
Macau’s casinos are another weak link. Unlike regulated casinos in Las Vegas or Singapore, many Macau venues accept crypto deposits with less than 5% identity verification. A 2024 TRM Labs report showed that 15% of stolen crypto from North Korean hacks ended up at these tables - converted into chips, then cashed out as clean money.
The Human Network Behind the Scenes
You can’t run this operation with just hackers. You need people on the ground.North Korea has deployed over 10,000 IT workers abroad - mostly in China, Russia, and Southeast Asia. These aren’t spies. They’re engineers, customer support reps, and freelance developers. They use fake identities - often pretending to be from India or Vietnam - to get hired by crypto firms. Once inside, they exploit their access to move funds. In 2024, CSIS documented 27 cases where North Korean workers at Chinese exchanges set up backdoors that allowed transfers from crypto wallets directly into bank accounts - all with only a 12-hour notice window. Standard fraud detection systems take 72 hours. They had a 5-day window to disappear.
These workers also create fake freelance profiles on Upwork and Fiverr, offering “blockchain consulting.” Clients pay them in crypto. They cash out locally, send the fiat to North Korea, and keep a cut. It’s a low-risk, high-reward system. The UN estimates this network brings in $600 million per year.
Why It’s Working - And Why It’s Starting to Fail
For years, North Korea had the upper hand. Blockchain was new. Regulators were slow. Exchanges didn’t talk to each other. But things are changing.The Crypto-Asset Reporting Framework, rolled out in late 2024, now requires over 100 countries to share transaction data. That means if someone tries to cash out $50,000 in Cambodia, the exchange has to report who sent it, where it came from, and who received it. This has already caused a 22% drop in successful cash-outs in Q1 2025.
At the same time, blockchain analytics have gotten smarter. Companies like TRM Labs and Chainalysis can now trace transactions across multiple chains with 90% accuracy. In 2020, North Korea had a 65% success rate in converting stolen crypto to cash within 90 days. By 2025, that number jumped to 92%. But now, the pressure is mounting. The U.S. Treasury says success rates will drop to 40% by 2027.
Still, North Korea isn’t giving up. They’re building their own tools. A March 2025 CSIS report revealed they’re testing “stablecoin arbitrage laundering” - using price differences between regional exchanges to convert stolen USDC into local currency with almost no trail. They’ve also recruited 37 former crypto developers to build custom cross-chain protocols that could move $500 million without leaving a trace.
What’s Next?
The game is shifting. North Korea can’t rely on the same tricks forever. But they don’t need to. They just need one weak point - one unregulated exchange, one corrupt official, one country that won’t cooperate.The real question isn’t whether they can still cash out. It’s whether the world will act before they fund their next missile test. Every dollar they launder buys more uranium. Every successful hack funds another submarine. And while blockchain experts race to close loopholes, North Korea keeps adapting - faster than anyone expected.
For now, the system still works. But the clock is ticking. And the next $1 billion heist might be the last one they pull off.
How much cryptocurrency has North Korea stolen?
Between 2017 and 2025, North Korean hacking groups have stolen over $3 billion in cryptocurrency, according to TRM Labs and Chainalysis. The largest single theft was the $1.5 billion Bybit hack in February 2025, the biggest in crypto history.
How does North Korea turn crypto into cash?
They use a multi-stage process: first, moving stolen assets across multiple blockchains to obscure origin; second, converting them into Bitcoin (the most liquid crypto); and third, cashing out through unregulated exchanges in Cambodia, China, and Macau. Final conversion often happens at crypto cafes with no ID checks.
Why Cambodia?
Cambodia has weak financial oversight and no strict KYC rules for crypto. The U.S. Treasury has identified Huione Group as a key laundering entity, operating 14 crypto cafes in Sihanoukville that process millions monthly with zero identification.
Do North Korean hackers use mixing services?
They used to. Tornado Cash was a major tool, processing $1.2 billion in stolen funds before it was sanctioned in 2022. Since then, they’ve shifted to cross-chain bridges and high-frequency transactions to avoid detection.
How do North Korean workers help with cash-outs?
Thousands of North Korean IT workers are placed in crypto firms across Asia. Using fake identities, they gain access to internal systems and create backdoors to move funds. Some work as freelancers, getting paid in crypto and converting it locally, then sending the cash home.
Is North Korea’s crypto laundering getting harder to do?
Yes. Global cooperation, mandatory reporting frameworks, and better blockchain analytics have reduced successful cash-outs by 22% in early 2025. Experts predict success rates will fall to 40% by 2027, but North Korea continues to innovate with custom protocols and stablecoin arbitrage.
8 Comments
I know it sounds scary, but honestly? This is why we need better crypto education. Not just for users, but for regulators too. If we can track this stuff across chains, imagine what we could do with global cooperation. Maybe it’s not too late to turn blockchain into a force for good, not just a weapon. I’m still hopeful.
Oh, wow. Another ‘North Korea is evil’ narrative. Let me guess-you also think the CIA didn’t use crypto to fund coups in the 90s? And that Iran doesn’t do this? And that China doesn’t have a whole department dedicated to crypto arbitrage? You’re not seeing the pattern-you’re seeing the villain in the story you were told to believe. It’s not that they’re clever. It’s that the system is rigged. And you? You’re still mad because your Coinbase account got hacked. Again.
lmao $3 bil stolen? bro that's less than what sam bankman fried stole in a weekend. and now we got some guy from trm labs acting like this is the end of the world? chill. the real story is how every 'regulated' exchange is just a front for oligarchs. north korea's just the dumb kid who got caught with his hand in the cookie jar. we're all criminals here. just some of us have lawyers.
I mean… isn’t it poetic? The very technology that was supposed to liberate us from banks… is now the tool of a totalitarian state. It’s like the universe has a sense of dark irony. We built a decentralized utopia… and it became the perfect weapon for the most centralized regime on Earth. We didn’t fail because of bad code. We failed because we forgot that humans are always the vulnerability. And now? We’re all just spectators in a tragedy written by a hacker in Pyongyang.
This isn’t about crypto. This is about America’s foreign policy failure. We spent 20 years bombing countries that didn’t have nuclear weapons, while North Korea sat in their bunker, quietly building a digital empire. We didn’t stop them with sanctions. We stopped them with memes and Twitter threads. Now they’re funding missiles with Bitcoin. And you’re all out here arguing about whether Tornado Cash was ‘ethical.’ Wake up. This is war. And we’re losing.
The institutionalization of financial obfuscation through cross-chain arbitrage, particularly when coupled with the systemic deregulation of jurisdictions such as Cambodia and Macau, represents not merely a circumvention of compliance regimes-but a fundamental erosion of the epistemic foundations of monetary sovereignty. One must question whether the blockchain, as a distributed ledger, can ever be reconciled with the normative frameworks of international law.
Cambodia has 14 crypto cafes. No ID. No questions. And you’re surprised? This isn’t hacking. It’s capitalism. The real crime is that we let it happen. We built the system. We ignored the warnings. Now we’re shocked? Pathetic.
I read this whole thing and all I could think was: we’re so close to fixing this. Not with more laws. Not with more sanctions. But with collaboration. Imagine if every blockchain analytics firm, every exchange, every government shared data openly. Not for control. But for protection. We have the tools. We just need the will. And if North Korea can adapt this fast? So can we. Let’s not wait for the next $1B heist to act.