Crypto & Forex October 24, 2025 0 Comments

Inside North Korea’s AI-Driven Crypto Empire: How Smart Tech Is Powering $2.8 Billion in Digital Heists Since 2024—and What It Means for Investors Like You

Ever wonder how a rogue state manages to swipe a staggering $2.84 billion in cryptocurrency since early 2024—and $1.65 billion just this year? It’s not just a heist; it’s a high-tech symphony of deception, AI wizardry, and global money laundering that reads like a spy thriller. North Korea’s cyber operatives aren’t your run-of-the-mill hackers; they’re leveraging fake job interviews, cutting-edge AI tools like ChatGPT and DeepSeek, and tapping into Cambodian platforms such as Huione Group and Huione Pay to clean their digital loot. What’s wild is how this stealthy fortune fuels forbidden weapons programs while slipping under international radars. If you think crypto theft is all about shady wallets and slick phishing, think again—the tactics have evolved, gotten smarter, and are playing on a global stage spanning Asia, the Middle East, and beyond. Buckle up as we unravel the madness behind North Korea’s crypto caper and the cybersecurity cat-and-mouse game of 2025. LEARN MORE

Key Takeaways

What tactics are North Korean cyber groups using?

They use fake job interviews, AI tools like ChatGPT and DeepSeek, and sophisticated cyber techniques.

Which Cambodian platforms are linked to laundering stolen crypto?

Huione Group and its subsidiary Huione Pay.

In a revelation that didn’t come as a surprise to many, North Korea is reported to have stolen nearly $2.84 billion in cryptocurrencies since early 2024, with $1.65 billion taken this year alone.

North Korea’s stolen crypto report

The South Korea-led Multinational Sanctions Monitoring Team (MSMT) highlighted the regime’s ongoing cyber heists, which target major exchanges across Asia and the Middle East.

Analysts say the stolen digital assets, funnelled through brokers in China, Russia, Hong Kong, and Cambodia, help fund Pyongyang’s sanctioned weapons programs.

Remarking on the same, Seoul’s foreign ministry said in a statement,

“The release of this report is expected to draw greater international attention to North Korea’s ongoing violations of U.N. sanctions exposed through its crypto thefts and overseas IT operations, while underscoring the growing sophistication and risks of its cyber activities.”

What are the tactics involved?

The report specifically highlighted North Korea’s use of Cambodian financial platforms, such as Huione Group and its subsidiary Huione Pay, to launder stolen cryptocurrencies.

Deeper research revealed that the hackers linked to the reclusive regime breached major exchanges. These included Bybit in the UAE, DMM Bitcoin in Japan, WazirX in India, and BingX and Phemex in Singapore.

They laundered and cashed out the stolen assets through brokers in China, Russia, Hong Kong, and Cambodia.

On top of that, nearly about 1,000–2,000 North Korean IT professionals still operate across at least eight countries. Many of them have been linked to U.N-sanctioned entities, and send roughly half of their earnings back home.

These cyber groups have refined their methods over the years, conducting fake job interviews and using AI tools like ChatGPT and DeepSeek to enhance their tactics.

A turbulent 2025

In the past, AMBCrypto had reported that crypto users and exchanges endured a turbulent August, with blockchain security firm PeckShield reporting a total of $163 million in stolen assets.

The largest single theft occurred on 19 August, when a Bitcoin holder fell victim to a social engineering attack.

The attackers impersonated support agents for a hardware wallet, tricking the user into revealing credentials and transferring 783 BTC to the criminals. They then funnelled the funds through Wasabi Wallets to obscure the trail.

Finally, Turkey’s largest crypto exchange, BtcTurk, also suffered a major breach. It lost an estimated $48–54 million after hackers compromised hot-wallet keys.