Hackers linked to North Korea stole more than $1.6 billion in digital assets in 2025, according to a Google Cloud report. The attacks were carried out through elaborate social engineering schemes, including the use of fake job postings, malware, and artificial intelligence to simulate conversations.
The UNC4899 group, also known by other names including TraderTraitor, Jade Sleet, and Slow Pisces, was active throughout the year, targeting crypto companies and gaining access to their cloud infrastructure. According to a report published by Google Cloud in collaboration with Wiz, hackers posing as recruiters contacted company employees via social media and offered them “test tasks” to complete. These tasks were malicious scripts that provided remote access to the companies’ systems.
Two such attacks, each targeting a different company, led to breaches of Google Cloud and AWS environments. The result was the theft of millions of dollars in cryptocurrency. Experts emphasize that hackers actively use AI to conduct realistic correspondence and gain victims’ trust.
TraderTraitor is a collective name for a series of attacks believed to be carried out by units of the Lazarus Group, APT38, BlueNoroff, and Stardust Chollima. According to Wiz, the group’s methods have evolved since 2020: first, they used malicious JavaScript applications, then malicious open-source code, and in the last two years, fake IT vacancies have become the main tool, especially aimed at employees of crypto exchanges.
The most high-profile cases include attacks on the Japanese exchange DMM Bitcoin (damages of $303 million) and Bybit, from which $1.5 billion was stolen in February, the largest attack in the history of crypto exchanges.
According to Jamie Collier from Google Threat Intelligence Group, cybercriminals from the DPRK purposefully build trust with victims, disguising themselves as specialists, journalists or teachers. Benjamin Reed from Wiz notes that the focus on cloud infrastructure is explained by the fact that this is where both data and assets are stored.
Google and Wiz warn that the scale of attacks is not decreasing but continues to grow. The number of hackers involved may reach several thousand. Earlier, TRM Labs reported that in the first six months of 2025, the crypto industry had already lost over $2.1 billion as a result of attacks.
Google expects a further increase in the activity of groups from the DPRK.