Crypto Theft Impact Calculator
Calculate Military Impact
Enter the amount stolen from cryptocurrency platforms to see how it funds North Korea's military programs. Based on 2025 data: $10 million = 1 missile; $150 million = 1 nuclear warhead.
Impact Analysis
Enter an amount to see how much military capability it funds.
North Korea doesn’t allow its citizens to own cryptocurrency. That’s not because they’re worried about financial risk or market volatility. It’s because they’re stealing it themselves - on a scale no other nation ever has.
In 2025, North Korea stole over $2.17 billion from cryptocurrency exchanges and DeFi platforms. That’s more than the entire global total of crypto thefts in 2024. The biggest single heist? The ByBit hack on February 21, 2025. The FBI called it "TraderTraitor." It wasn’t just a breach. It was a surgical strike on the most secure systems in crypto.
ByBit’s cold wallets - hardware devices kept offline, the gold standard for security - were compromised. How? Not by brute force. Not by a software flaw. By human error. North Korean hackers had infiltrated the exchange’s IT team. They didn’t break in from outside. They were already inside. Some were contractors. Others were employees posing as remote workers from Vietnam, China, or even the U.S. They had access. They waited. Then they moved.
Within hours, $1.5 billion in crypto was converted into Bitcoin and Ethereum, split across thousands of wallet addresses. The money didn’t vanish. It flowed. Through decentralized bridges. Through mixers. Through stablecoins issued by Cambodia-based shell companies. The trail didn’t end at a single wallet. It splintered into hundreds of paths, each designed to confuse investigators and delay freezing.
This wasn’t a one-off. It was the peak of a five-year buildup. North Korea’s crypto operations have evolved from clumsy phishing scams into a state-run industrial operation. The regime treats cryptocurrency theft like a military campaign. Every dollar stolen goes directly to funding its nuclear weapons and missile programs. Sanctions block oil, weapons, and luxury goods. But they can’t stop digital cash - if you know how to move it.
How North Korea Turns Hackers Into Revenue Generators
Behind every major hack is a team. And behind every team is a recruitment pipeline.
The U.N. estimates North Korea sends over 5,000 IT workers abroad under false identities. They work as software developers, cybersecurity analysts, and freelance coders for companies in Europe, the U.S., and Southeast Asia. They use VPNs to mask their location. They build fake portfolios. They pass technical interviews. They get paid in cryptocurrency - because it’s harder to trace than bank transfers.
These workers aren’t just earning salaries. They’re building tools for their home country. They write malware. They design phishing kits. They test exploits on corporate networks. When they’re not coding, they’re feeding intel back to Pyongyang. Some are conscripted. Others are coerced. A few may believe they’re working for a tech startup. Either way, their labor is a key pillar of North Korea’s crypto economy.
One group, Korea Sobaeksu Trading Company, is directly tied to this operation. In May 2025, the U.S. Treasury sanctioned it - along with three senior officials - for running the IT worker program. Kim Se Un and Jo Kyong Hun were named as key players. Jo, in particular, was described as the "bridge" between North Korean hackers and overseas contractors. He didn’t write code himself. He managed the system.
The Money Laundering Pipeline: Cambodia and Stablecoins
Stolen crypto doesn’t stay on the blockchain. It has to become cash. And for that, North Korea relies on Cambodia.
Cambodia’s financial system is weak. Its gambling industry is booming. Its regulators are underfunded. That’s why the Huione Group became the regime’s favorite laundering hub. Huione Guarantee offered fake loan services. Huione Crypto issued untraceable stablecoins. Between 2021 and 2025, over $37.6 million in North Korean crypto flowed through them.
Here’s how it worked: A hacker in Pyongyang sends $10 million in Ethereum to a Huione wallet. Huione converts it into their own stablecoin, pegged to the U.S. dollar. That stablecoin is then traded on local exchanges for real cash. The cash is moved through casinos, real estate deals, and shell companies. Eventually, it ends up in bank accounts in Thailand, Laos, or even Dubai - all outside U.S. jurisdiction.
The U.S. Financial Crimes Enforcement Network (FinCEN) flagged Huione in May 2025. But by then, the money was gone. The infrastructure remains. And new players are stepping in.
Why the U.S. Can’t Stop It
The FBI, Treasury, and DOJ have responded aggressively. They’ve sanctioned companies. They’ve unsealed indictments. They’ve offered up to $7 million rewards for information leading to arrests.
But here’s the problem: North Korean hackers aren’t sitting in Pyongyang. They’re in Manila, in Bucharest, in Nairobi. They’re not wearing uniforms. They’re not carrying passports labeled "DPRK." They’re working from home, in cafes, in shared offices. Arresting them means crossing international borders, coordinating with governments that don’t want to cooperate - or can’t.
Even when exchanges freeze known addresses, the hackers just create new ones. Blockchain analytics firms can track the flow, but they can’t stop it. The system is too decentralized. Too fast. Too global.
And then there’s the human factor. Western companies hire freelancers without verifying their location. They trust resumes. They trust video calls. They don’t ask: "Are you really in Berlin? Or are you in Pyongyang, using a VPN and a fake ID?"
Senators Elizabeth Warren and Jack Reed asked Treasury in June 2025: "What are you doing differently after ByBit?" The answer? Not much. Agencies are scrambling. But the threat keeps growing.
What This Means for Crypto Users
If you trade crypto, you’re not just dealing with market risk. You’re part of a system that’s being exploited by a hostile state.
Exchanges are under pressure to spend more on security. But most small platforms can’t afford the kind of monitoring needed to catch North Korean transactions. The big ones - Coinbase, Kraken, Binance - have teams dedicated to tracking suspicious flows. But even they got breached.
DeFi protocols are even more vulnerable. They’re open-source. They’re unregulated. They don’t have customer support teams. A single smart contract flaw can be exploited in minutes. North Korean hackers have already targeted over a dozen DeFi bridges in 2025 alone.
The lesson? Don’t assume security. Assume you’re a target. Use hardware wallets. Never reuse addresses. Avoid unknown DeFi platforms. And if you’re hiring remote developers - verify their identity. Ask for references. Check their work history. Ask for video calls in real time - not pre-recorded.
The Bigger Picture: A New Kind of War
North Korea isn’t trying to overthrow governments. It’s not launching cyberattacks on power grids. It’s doing something quieter - and more dangerous.
It’s turning crypto into a war chest.
Every dollar stolen from a U.S. exchange means another missile can be built. Another nuclear warhead can be tested. Another soldier can be trained. The regime doesn’t need to sell oil. It doesn’t need to export textiles. It just needs to hack one exchange.
And the world is still waking up to the fact that this isn’t just a crime problem. It’s a national security crisis. A cyberwar that doesn’t require tanks. Just a laptop and a VPN.
For now, North Korea holds the upper hand. They’re faster. They’re smarter. They’re patient. And they’re funded by the very technology meant to make finance free and open.
Until the global community treats crypto theft the same way it treats missile tests - with coordinated sanctions, intelligence sharing, and real consequences - this won’t stop. It’ll only get worse.
Why does North Korea ban cryptocurrency for its citizens?
North Korea bans crypto for its citizens to prevent them from accessing outside financial systems and bypassing state control. The regime wants to monopolize all digital currency flows for its own use - especially to fund nuclear weapons and evade international sanctions. Ordinary citizens aren’t allowed to hold or trade crypto, but state hackers are authorized to steal it globally.
How did North Korea hack ByBit’s cold wallets?
North Korea didn’t break into ByBit’s cold wallets from the outside. They infiltrated the company’s internal team using remote IT workers who posed as legitimate contractors. These workers had access to internal systems and used their credentials to trigger transfers from offline wallets. The attack relied on social engineering, not technical exploits - proving that human access is the weakest link in crypto security.
Is Cambodia still a major hub for North Korean crypto laundering?
Yes. Despite U.S. sanctions on the Huione Group, North Korea continues using Cambodia’s loose financial regulations to launder crypto. New shell companies have emerged since Huione was targeted, often operating under different names but using the same infrastructure - gambling platforms, fake loan services, and unregulated stablecoins. Cambodia lacks the resources to fully monitor these operations, making it a persistent weak point.
How much money has North Korea stolen from crypto in total?
As of November 2025, North Korea has stolen over $2.17 billion from cryptocurrency services this year alone - the highest annual total ever recorded. Since 2017, the total estimated thefts exceed $4.5 billion. The ByBit hack in February 2025, which stole $1.5 billion, accounts for nearly 70% of this year’s total.
What can individual crypto users do to protect themselves?
Use hardware wallets for long-term storage. Never reuse wallet addresses. Avoid unknown DeFi protocols. Enable multi-signature transactions where possible. If you’re hiring remote developers, verify their identity with video calls and third-party background checks. Assume any crypto transaction could be linked to a North Korean actor - and treat security like a first line of defense, not an afterthought.
North Korea’s crypto operation is not going away. It’s scaling. And unless the world treats it like the weapon it is - not just a crime - the thefts will keep rising. The next billion-dollar hack isn’t a question of if. It’s a question of when.
6 Comments
This isn't just hacking-it's economic warfare. North Korea turned crypto into their personal ATM, and the U.S. is still treating it like a banking glitch. We sanction oil, we sanction weapons, but we let them steal billions in digital cash like it's some online poker game? Wake up. This is a national security emergency, not a tech blog post.
The systemic failure here is not technical-it's institutional. Governments and corporations alike continue to outsource critical infrastructure to unvetted remote contractors, assuming anonymity equals legitimacy. The ByBit breach was not an exploit of code, but of trust. Until we enforce mandatory identity verification for all third-party IT personnel handling sensitive systems, this will continue. The cost is not just financial-it's existential.
I’ve worked with freelance devs from all over the world. Some of them are brilliant. Some are just trying to make rent. But the idea that any company hiring remotely is checking if someone is really in Berlin or secretly in Pyongyang? That’s a fantasy. We’re all complicit in this. We want cheap labor, we want flexibility, we want to believe the resume. Meanwhile, someone’s coding malware in a basement while pretending to be a UX designer from Vancouver. It’s not just North Korea-it’s the entire model of remote work that’s broken.
Wow, so the bad guys are good at hacking? Shocking. Next you’ll tell me water is wet and the sun rises in the east. Can we get a hot take that doesn’t sound like a press release from the Department of Homeland Security?
Let me break this down like I’m talking to a friend who just got scammed on a DeFi platform: Your seed phrase is your soul. If you’re storing crypto on an exchange-even Coinbase-you’re already playing Russian roulette. Cold wallets? Good start. But if your laptop’s compromised, they’ll steal your keys while you sleep. The real problem? We treat crypto like stocks. It’s not. It’s digital gold with no police. And North Korea? They’re the only ones who know how to use it.
Oh no, the scary communist hackers stole money. How original. Maybe if we stopped pretending blockchain is ‘decentralized freedom’ and actually regulated it like a financial instrument, we wouldn’t be so shocked when criminals exploit it. The real villain here isn’t Pyongyang-it’s the libertarian dreamers who thought unregulated code could replace banks. Surprise: code doesn’t have morals. People do. And we hired the wrong ones.