Crypto theft climbed to $3.4 billion in 2025. How hackers are using AI in their scams

By Yahoo Finance

Cryptocurrency Hack & Theft Report 2025: A Detailed Analysis

Key Concepts:

  • DPRK (North Korea): A significant nation-state actor involved in cryptocurrency theft.
  • Laundering: The process of concealing the source of illegally obtained funds, particularly cryptocurrency.
  • IT Worker Infiltration: North Korean operatives posing as IT professionals to gain access to systems.
  • Unique Victims: The number of individual users or entities affected by cryptocurrency theft.
  • AI-Powered Scams: The use of artificial intelligence to enhance the effectiveness of scams and impersonation attacks.
  • Chain Analysis: The process of examining blockchain transactions to identify patterns and trace illicit funds.
  • Integration & Layering: Techniques used in money laundering to obscure the origin of funds.

I. Overall Theft Figures & Trends

The total amount stolen in cryptocurrency hacks and thefts in 2025 reached $3.4 billion. This figure is consistent with the previous year’s total, indicating a sustained level of criminal activity in the crypto space. However, the composition of these thefts reveals crucial shifts in tactics and perpetrators. The report highlights that the increasing adoption of cryptocurrency for regular payments and use cases is directly correlated with an increase in incidents targeting personal wallets.

II. The Rise of North Korean Involvement

A significant and alarming trend is the substantial increase in cryptocurrency theft attributed to the Democratic People’s Republic of Korea (DPRK), or North Korea. The amount stolen by North Korean actors reached $2 billion in 2025, representing a major escalation from previous years. This constitutes a significant national security risk, as the stolen funds are believed to be used to finance the country’s weapons programs, including nuclear development.

The sophistication of North Korean operations is increasing on two fronts: gaining initial access to funds and laundering the proceeds. Initially, North Korea relied on infiltrating organizations by placing its operatives in IT worker roles, where they would steal source code and system access. It has now expanded this tactic to include posing as recruiters who target IT professionals to gain intelligence and access to systems.

III. Sophisticated Laundering Techniques

Beyond initial theft, North Korean actors have become exceptionally skilled at laundering stolen cryptocurrency. They employ a sophisticated “integration and layering” program, breaking down stolen amounts into very small chunks to obfuscate the funds’ origin and reintegrate them into the traditional financial system. This process is designed to make tracing the funds extremely difficult. The report explicitly states they are now “the most sophisticated money launderers in the game.”

IV. Human Infiltration vs. Technological Hacks

A surprising aspect of the North Korean operation is the reliance on human infiltration rather than purely technological exploits. The attacks often involve individuals physically infiltrating organizations and performing malicious activities. Defending against this requires enhanced background checks, particularly in-person interviews for critical roles, and a phased provisioning of system access. Technology is also being deployed in remote interviews to verify identities and detect suspicious activity. This is described as a “cat and mouse game” between attackers and defenders.

V. Personal Wallets vs. Large Services: A Shifting Landscape

While large cryptocurrency services still account for 80% of the total value stolen, the report notes a significant increase in incidents targeting personal wallets. This increase is linked to the growing mainstream adoption of cryptocurrency and the corresponding rise in the number of personal wallets being created. Wallet providers are actively working to improve security measures, but protecting individual users remains a challenge, as they often lack the expertise to defend against sophisticated attacks.

VI. The Role of Artificial Intelligence (AI)

AI is playing an increasingly important role in both cryptocurrency attacks and defenses. While AI-powered hacks are emerging, the more significant impact of AI is currently observed in the realm of scams. AI is being used to create highly believable impersonations, translate communications into multiple languages, and target victims globally, significantly enhancing the effectiveness of scams.

Chain analysis firms, like the one represented in the discussion, are deploying AI agents to collect intelligence on scammers and protect users. This creates a dynamic battle between AI-powered attacks and AI-powered defenses. The speaker expressed pride in their company’s work in protecting consumers at scale using AI-driven threat intelligence.

VII. Defensive Measures & Future Outlook

The report emphasizes the need for a multi-faceted approach to security, including:

  • Enhanced Background Checks: Particularly for critical roles within organizations.
  • Phased System Access: Limiting access to sensitive systems until trust is established.
  • Advanced Verification Technologies: Utilizing technology to verify identities during remote interviews.
  • Collaboration with Wallet Providers: Working with wallet providers to improve security measures.
  • AI-Powered Threat Intelligence: Leveraging AI to detect and counter scams and malicious activity.

Conclusion:

The 2025 Cryptocurrency Hack & Theft Report reveals a complex and evolving threat landscape. While the overall value stolen remains consistent, the increasing involvement of nation-state actors like North Korea, the sophistication of their laundering techniques, and the growing targeting of personal wallets represent significant challenges. The rise of AI-powered scams further complicates the situation, necessitating a proactive and adaptive approach to security that combines human vigilance with advanced technological defenses. The report underscores the critical need for ongoing collaboration between industry stakeholders, governments, and security experts to mitigate these risks and protect the integrity of the cryptocurrency ecosystem.

“...this is the cat and mouse game as the attackers get more sophisticated and the defenders in the HR teams now need to really be consciously protecting the organization…” – Jonathan, regarding the need for constant adaptation in security measures.
