DPRK-Linked Hackers Continue Aggressive Crypto Attacks One Year After Bybit Breach

DPRK-linked hackers are ramping up aggressive crypto attacks a year after the Bybit breach, which resulted in a $1.46 billion theft.

DPRK-Linked Hackers Continue Aggressive Crypto Attacks One Year After Bybit Breach One year has passed since the monumental Bybit breach, where North Korean hackers stole approximately $1.46 billion in cryptocurrencies from the Dubai-based exchange. Unfortunately, rather than retreating, these DPRK-linked operators have intensified their focus on the crypto sector. As of February 2026, their activities have shown no signs of abating, with recent data confirming a sharp uptick in attacks since the breach. What Happened During the Bybit Breach? On February 21, 2025, the record-breaking theft from Bybit unveiled the vulnerabilities within the cryptocurrency ecosystem. This incident not only solidified North Korea's position as a major player in crypto crime but also highlighted the potential for extensive financial damage within the sector. By late summer 2025, more than $1 billion of the laundered funds had already been filtered through a myriad of channels, including refund addresses and crypto-mixing services. How Much Crypto Have DPRK Hackers Stolen Since Then? The aftermath of the Bybit breach indicated a marked increase in the DPRK's cybercriminal operations. According to Elliptic, a blockchain analytics firm, these actors amassed a staggering $2 billion in the entirety of 2025, elevating their cumulative crypto haul to over $6 billion . These funds are believed to play a significant role in underwriting North Korea's nuclear and missile programs, making their illicit operations a strategic revenue stream for the regime. What Tactics Are They Using to Target Crypto? While sophisticated technical exploits enable the theft of cryptocurrencies, DPRK-linked hackers have increasingly relied on social engineering to gain initial access to their targets. Two specific campaigns, dubbed DangerousPassword and Contagious Interview , have emerged as prominent threats, raking in $37.5 million since the beginning of 2026 alone. In the DangerousPassword campaign, hackers levera