CertiK Report: North Korean Hackers Responsible for Approximately 60% of Digital Asset Thefts in 2025, Attack Patterns Shift to "Offline Infiltration"

Odaily星球日报讯 Web3 security company CertiK has released the 《Skynet North Korean Crypto Threat Report》. Data shows that since 2016, North Korean hacker groups have plundered approximately $6.75 billion in digital assets. In 2025 alone, the losses from thefts they perpetrated reached $2.06 billion, accounting for nearly 60% of the total annual losses in the global crypto industry (including the $1.5 billion Bybit hack). As of early 2026, this threat trend continues, with the loss share hovering around 55%.

The report emphasizes that the attack patterns of North Korean hackers have undergone a fundamental shift, evolving from simple code exploits into a national-level attack system that combines social engineering, deep supply chain attacks, and "physical infiltration." In the recent Drift protocol incident, attackers spent six months infiltrating offline industry conferences, building trust through real financial transactions and interpersonal relationships before carrying out the attack.

CertiK security experts warn that against such systemic attacks at this level, purely technical defenses have proven insufficient. Crypto institutions urgently need to fully implement a "zero trust" hiring model, strengthen third-party supply chains, set up fund circuit breakers, and collaborate with professional security firms to build a full lifecycle defense system covering code audits, 24/7 risk monitoring, and on-chain anti-money laundering/KYT (Know Your Transaction) fund tracking.