DPRK-Linked Hacks Drive Potential Record Year for Crypto Thefts, Chainalysis Says

Hackers have already stolen $2.17 billion from crypto companies this year, more than was swindled throughout the entirety of 2024 — and it’s only July.

Updated Jul 18, 2025, 1:41 p.m. Published Jul 17, 2025, 12:00 p.m.
North Korean Leader Kim Jong-Un (Getty Images/Contributor)

2025 is shaping up to be a potentially record-breaking year for crypto thefts, with stolen funds from crypto platforms expected to eclipse a whopping $4.3 billion if trends continue, according to a new report from blockchain analytics firm Chainalysis.

In the first half of the year alone, Chainalysis said hackers have already stolen more than $2.17 billion from cryptocurrency services. That’s more than they stole during all of 2024 — and 17% more than they swindled during the same period in 2022, currently the worst year in history for crypto thefts with $3.8 billion worth of crypto stolen.

“Stolen fund activity stands out as the dominant concern in 2025. While other forms of illicit activity have shown mixed trends [year-over-year], the surge in cryptocurrency thefts represents both an immediate threat to ecosystem participants and a long-term challenge for the industry's security infrastructure,” the Chainalysis report said.

The ballooning figure is largely driven by hacks linked to North Korea’s state-sponsored hacking organization, the Lazarus Group, which was behind the record-setting $1.5 billion hack of crypto exchange Bybit earlier this year. Through their hack of Bybit alone, North Korea made more money than it did via hacking in the entirety of 2024 ($1.3 billion) — previously their most lucrative year for crypto crime. According to Chainalysis’ report, the Lazarus Group has continued to use social engineering tactics — like fake workers or the offer of fictitious job interviews — to gain access to their targets.

Wrench attacks on the rise

Another subset of crypto theft — so-called “wrench attacks,” in which attackers physically harm or intimidate crypto holders in order to access their personal wallet holdings — is also on the rise in 2025. According to Chainalysis, these types of physical attacks have led to a spike in personal wallet compromises, which account for 23.35% of the crypto thefts so far this year.

In their report, Chainalysis attributed the uptick in personal wallet thefts to a confluence of factors including improved security practices at major services, which they said could be pushing attackers towards individuals “perceived as easier targets,” the increased value of crypto held in personal wallets over time, and the development of more sophisticated “individual-targeting techniques” potentially driven by the rise in AI tools.

“It is clear that 2025 is well on track to have potentially twice as many physical attacks as the next highest year on record,” the report said. “It is also worth noting that, since many attacks go unreported, the true number of such incidents is likely far higher.”

Chainalysis’ report identified a “clear correlation” between the rise of wrench attacks and the rising price of Bitcoin, “suggesting that a future increase in asset values (and the perception of its future upward movement) may trigger additional opportunistic physical attacks against known crypto holders.”

“Overall, while these violent attacks remain comparatively rare, the physical dimension — including maiming, kidnapping, and homicide — elevates the human impact of these cases to an extraordinary degree,” the report said.

Chainalysis’ report urged crypto investors to improve their operational security (or “OpSec”), including keeping their crypto holdings private, to reduce the likelihood of being targeted by attackers. For “substantial” crypto holders, the report suggested, “traditional personal security measures,” including hiring professional security personnel, “may be warranted.”

On average, thieves targeting personal wallets are less sophisticated than their counterparts targeting exchanges and companies, Chainalysis said. Bad actors who target personal wallets — both wrench attackers and otherwise — leave larger balances of their stolen funds on chain rather than immediately laundering their ill-gotten gains using mixers or other methods. According to the report, personal wallet thieves currently hold around $8.5 billion in crypto on-chain, compared to just $1.2 billion in funds taken from services.
