A data-driven article explains how DPRK-linked crypto theft has become more selective, more organized, and more dangerous for the digital asset industry.
North Korea’s crypto operations are no longer a side story in cybercrime. According to CertiK’s Skynet DPRK Crypto Threats Report, stole an estimated $6.75 billion across 263 crypto incidents between 2016 and early 2026. The number is already enormous, but CertiK warns that it is probably because many smaller attacks against individuals, developers, and early-stage projects are never reported publicly.
The most important trend is not simply that the total is growing. It is that the attacks appear to be becoming more selective. CertiK’s data suggests a “” strategy: fewer attacks than the rest of the market, but much larger results when an operation succeeds. In 2025, DPRK-linked actors were tied to 79 out of 656 total incidents, or about 12% of the incident count. Yet those attacks accounted for about $2.06 billion in losses, roughly 60% of the $3.4 billion stolen globally that year.
That imbalance matters. It means defenders cannot measure risk only by the number of attacks they see. A small number of well-planned operations can reshape the loss statistics for an entire year. It also shows why exchanges, DeFi protocols, wallet providers, and infrastructure companies have to think beyond ordinary technical bugs. The most damaging attacks may begin with trust, access, or routine work processes rather than with a visible weakness in smart contract code.
CertiK says the pattern has continued into 2026. From January 2026 onward, crypto incidents caused about $1.1 billion in losses, and DPRK-linked activity represented about 55% of that global total. One major example was the $291 million KelpDAO attack. Even when other criminal groups remain active, DPRK-linked campaigns continue to take a of total losses.
The report also places the 2025 Bybit exploit at the center of the story. CertiK describes the $1.5 billion Bybit hack in February 2025 as the largest crypto theft in history. It was not only large; it was instructive. The attack showed that institutional-grade security can still fail when attackers target trusted and . In other words, the weakest point may not be the wallet itself. It may be the people, vendors, signing process, or software supply chain around it.
This is where becomes central. CertiK identifies human manipulation as the primary in many major DPRK operations. Fake job offers, venture-capital impersonation, phishing, , and compromised developer environments can all create a path into a target. These tactics work because they exploit normal professional behavior. A developer opens a repository. A founder takes a call with a supposed investor. A team member trusts a tool used in daily work. The attack hides inside familiar routines.
make the problem even harder. A project can audit its own code and still be exposed if a dependency, vendor, internal tool, or build process is compromised. This is especially serious in crypto because one successful compromise can move assets quickly and permanently. Traditional finance often has more time to reverse, freeze, or investigate suspicious transfers. Crypto systems can offer speed and openness, but those same qualities can help attackers move stolen funds before victims understand what happened.
CertiK’s report also highlights the . After the Bybit hack, 86.29% of the stolen ETH was converted to Bitcoin within one month. The process used a mix of tools and services, including mixers, cross-chain bridges, decentralized exchanges, and over-the-counter brokers. This kind of laundering is not random improvisation. It looks like an industrial process designed to , move value across ecosystems, and reduce the chance that funds can be frozen.
Another growing concern is . CertiK notes that DPRK operatives have entered DeFi teams under false identities, sometimes enabling theft from inside the organization. This changes the defensive model. Companies cannot rely only on code audits, wallet policies, or endpoint protection. They also need stronger hiring checks, access controls, , , and monitoring for unusual internal behavior.
For learners, the broader point is that crypto security is not only about technology. It is about systems. A safe protocol can become vulnerable through a careless hiring process. A secure wallet can become risky through a compromised vendor. A strong team can be fooled by a believable social engineering campaign. The threat is technical, financial, political, and human at the same time.
CertiK’s numbers show why the issue is now a major security concern. If one state-linked network can account for more than half of global crypto losses in a year, the industry is dealing with more than scattered online crime. It is facing organized, patient, and well-funded operations that learn from every success. The practical lesson is clear: crypto companies need to defend not only their code, but also their people, processes, partners, and assumptions.