North Korea denies involvement in crypto hacks as state-sponsored groups are linked to $6 billion in thefts since 2017, including $1.5 billion from Bybit.
North Korea has issued a formal denial regarding its alleged role in a series of high-profile international cryptocurrency thefts, labeling the accusations as absurd slander. Through the Korean Central News Agency, the country’s Foreign Ministry characterized the claims as a political maneuver by the United States to damage its global reputation. This rebuttal arrives as international scrutiny intensifies, with intelligence agencies and security firms consistently attributing large-scale cyberattacks to state-sponsored entities like the Lazarus Group.
The gap between official denials and forensic evidence remains wide. Blockchain intelligence firm TRM Labs reports that North Korean hackers have successfully siphoned over $6 billion in digital assets since 2017. The sophistication of these operations has evolved, moving from traditional corporate targets like the 2014 SONY stock page breach to complex decentralized finance protocols and major exchanges. The financial impact is significant, with North Korea’s share of global cryptocurrency hacking losses reportedly surging to 64% in 2025.
Recent incidents highlight the operational reach of these groups. In February 2025, the FBI confirmed the theft of approximately $1.5 billion in virtual assets from the Bybit exchange. This followed an attack in July 2024 on WazirX, India’s largest cryptocurrency exchange, which resulted in the loss of $235 million. Furthermore, the decentralized finance platform KelpDAO recently suffered an exploit that drained between $290 million and $292 million. These events underscore the persistent liquidity risk facing platforms that hold significant user deposits in hot wallets.
For market participants, the primary concern is not the geopolitical rhetoric but the continued vulnerability of exchange infrastructure. When state-sponsored actors target liquidity pools, the resulting outflows often trigger immediate volatility and force platforms to suspend withdrawals to preserve remaining assets. The sheer volume of stolen funds—now totaling billions—creates a constant supply of illicit assets that must eventually be laundered through mixers or decentralized protocols. This process creates ongoing pressure on regulatory bodies to tighten anti-money laundering requirements for exchanges.
While the denial from Pyongyang is a predictable diplomatic response, it does nothing to mitigate the technical risks inherent in current crypto market analysis. The frequency of these attacks suggests that security protocols are struggling to keep pace with the methods employed by advanced persistent threat groups. Investors should focus on the custody practices of the platforms they utilize, specifically looking for cold storage ratios and insurance coverage for potential breaches. The next concrete marker for this risk will be the release of updated blockchain forensic reports, which will likely track the movement of the $1.5 billion stolen from Bybit and the $290 million taken from KelpDAO. Any sudden movement of these funds into centralized exchanges will serve as a catalyst for further regulatory action and potential platform-specific liquidity freezes.
AI-drafted from named sources and checked against AlphaScala publishing rules before release. Direct quotes must match source text, low-information tables are removed, and thinner or higher-risk stories can be held for manual review.