North Korean Hackers Stole Over $1.6 Billion in Cryptocurrencies in 2025


Hacker groups linked to North Korea have significantly intensified their activities in the cryptocurrency sector, causing losses of over $1.6 billion in 2025 alone. This data was released in a report by Google Cloud, which highlights the growing threat that North Korean cybercriminals pose to the crypto industry.

This is reported by Finway.

Attack Schemes and Criminal Tactics

North Korean hackers employ sophisticated social engineering methods, including fake job postings and test tasks that are actually malware. By breaching systems through such “tasks,” the criminals gain remote access to the cloud environments of companies, allowing them to steal credentials and identify nodes for processing crypto transactions. These attacks have targeted various companies using Google Cloud and AWS services, resulting in millions of dollars lost in cryptocurrencies.

The hacker group is tracked under various names: UNC4899, TraderTraitor, Jade Sleet, and Slow Pisces. TraderTraitor is a general designation for a wave of attacks associated with groups such as the Lazarus Group, APT38, BlueNoroff, and Stardust Chollima. According to Wiz, these campaigns began as early as 2020 and are continuously evolving. Specifically, from 2020 to 2022 the main focus was on malicious crypto applications based on JavaScript (Electron); in 2023, on introducing malicious open-source code; and in 2024-2025, on mass attacks through fake IT job postings, which particularly harmed cryptocurrency exchanges.

Major Attacks and Scale of the Threat

Among the most notorious recent attacks are the breach of the Japanese exchange DMM Bitcoin, resulting in the theft of $303 million, and the breach of the Bybit exchange for $1.5 billion, which became known in February 2025. Experts estimate that the number of hackers operating under the TraderTraitor brand could reach thousands, working in separate or interconnected groups.

“They actively build trust, communicate several times, and use artificial intelligence to create more plausible correspondence.”

According to recent estimates, the crypto industry lost over $2.1 billion in the first half of 2025 due to hacker attacks. Google experts warn that the activity of North Korean cybercriminals is only increasing, and no signs of a slowdown in their attacks have been detected. Specialists emphasize that hacker groups are increasingly targeting cloud services, as that is where most financial data of crypto companies is stored.

In addition to technical attacks, it was recently revealed that a U.S. citizen received 8.5 years in prison for assisting North Korean hackers in securing employment at American companies.
