
North Korea-linked hackers stole $2.02 billion in crypto in 2025, Chainalysis says. G7 leaders call for joint action but stop short of new sanctions or new exchange rules.
Alpha Score of 54 reflects moderate overall profile with strong momentum, weak quality. Based on 2 of 4 signals – score is capped at 75 until remaining data ingests.
G7 leaders called for joint action against North Korea’s cryptocurrency thefts and cybercrimes, according to a statement issued after their summit in Evian-les-Bains, France. The warning expressed deep concern over Pyongyang’s nuclear and ballistic missile programs and said member nations needed to “jointly address North Korea’s cryptocurrency thefts and cybercrimes.”
The statement did not name new sanctions, exchange rules or crypto mixer controls. It also set no timeline for enforcement action against wallets, platforms or intermediaries linked to stolen funds.
The G7 warning follows years of reports that North Korea-linked hackers use stolen crypto to raise money under heavy sanctions. Western governments and blockchain analytics firms have long tied the activity to Pyongyang’s wider weapons program.
Chainalysis said North Korean hackers stole at least $2.02 billion in crypto in 2025. That pushed the all-time total linked to DPRK actors to at least $6.75 billion, the firm said.
CrowdStrike’s 2026 financial services report said DPRK-linked actors drove a 51% yearly rise in digital asset theft in 2025. The report said North Korea-linked groups used AI-generated identities, fake recruiters and cloud access campaigns against crypto and financial firms.
As previously reported by crypto.news, North Korea-linked Lazarus attacks drained $577 million from Drift Protocol and KelpDAO in April 2026. Those two attacks accounted for most crypto theft reported that month. April became the worst month for crypto hacks in 2026, with more than $606 million stolen across 12 incidents in the first 18 days, crypto.news reported.
Those cases showed that attackers are moving beyond simple smart contract bugs. The methods included social engineering, compromised devices, bridge weaknesses and signer manipulation.
North Korea has denied U.S. and allied claims over cybercrime. In May, a Foreign Ministry spokesperson called the accusations “absurd slander.”
The spokesperson said Washington was spreading false information for political reasons.
The denial has not stopped governments and security firms from naming DPRK-linked groups as major crypto threats. CrowdStrike said North Korean actors use deception at scale, including fake identities and recruiter personas.
The latest G7 statement keeps the issue on the diplomatic agenda. It leaves open how member states plan to act. The statement did not say whether governments will tighten exchange screening, pursue new sanctions or target laundering networks more aggressively.
Prepared with AlphaScala editorial tooling from the source reporting linked above. Indexable analysis may include a cited Alpha Score value. Publishing checks screen each story before release. Educational coverage, not personalized advice.