Crypto Laundering Escalation: North Korea Sidesteps Sanctions with $1.65 Billion Theft

According to a report from the Multilateral Sanctions Monitoring Team (MSMT), North Korea has processed $1.65 billion in cryptocurrency since January 2025, channeling these assets directly into its weapons of mass destruction and missile initiatives. Of this total, $1.4 billion originated from a February 2025 breach of the Bybit crypto exchange, which stands as the largest single theft during the nine-month span, as noted in

. This follows $1.2 billion in unlawful crypto proceeds in 2024, a pattern highlighted by .

The MSMT, which includes 11 member nations such as the United States, Japan, and South Korea, disclosed that North Korea’s cyber activities have become a crucial financial resource under strict UN sanctions. State-sponsored hacking collectives like Lazarus and TraderTraitor now primarily target third-party service providers instead of exchanges themselves, exploiting weaknesses in custody platforms such as SafeWallet to quietly divert funds, according to

. For example, the Bybit incident involved the use of phishing emails and malicious software to breach internal networks, allowing attackers to alter smart contracts and move $1.4 billion from cold wallets, as described in .

In addition to cyber theft, North Korea sends thousands of IT professionals overseas to help launder money and bypass sanctions. These individuals, often using fake identities, obtain remote work contracts with firms in China, Russia, and other countries, generating revenue while sidestepping restrictions on foreign income, according to an SCMP report. The regime intends to dispatch 40,000 workers to Russia—including IT experts—as part of a growing partnership that involves Pyongyang supplying military aid to Moscow, Cryptopolitan reported. The pilfered cryptocurrency is then processed through a complex nine-stage laundering scheme utilizing mixers like Tornado Cash, cross-chain bridges, and OTC brokers in China and Cambodia, eventually converting digital assets into cash, CryptoPotato found.

Stablecoins are vital for procurement, with North Korean officials using them to buy military hardware and raw materials such as copper, which is crucial for weapons manufacturing, the SCMP report stated. The MSMT noted that intermediaries in Russia and China were responsible for laundering $60 million from the Bybit theft alone, according to CryptoPotato. Meanwhile, North Korean IT workers have managed to work on projects for Western companies like Amazon and HBO Max, raising alarms about data safety and possible espionage, as reported by

.

Altogether, North Korea’s crypto-related thefts since 2024 have reached $2.83 billion, making up almost a third of the country’s foreign currency revenue, CryptoPotato reported. In light of this, the MSMT has called on the UN Security Council to restore its dissolved Panel of Experts to better oversee sanctions compliance. However, enforcement remains problematic, especially after Russia vetoed previous UN monitoring efforts, as mentioned in

.

The consequences go beyond North Korea, revealing weaknesses in international finance and corporate cybersecurity. Major crypto platforms like Bybit and DMM

have incurred losses in the millions, and businesses employing remote staff risk unknowingly hiring North Korean agents, Crypto.news cautioned. Blockchain forensics and anti-money laundering experts are now in higher demand to trace illegal transactions, as regulators push for tighter controls, the MarketMinute article added.