North Korean Hacking Organizations See 51% Surge in Cryptocurrency Theft... Fear of AI Infiltration Overwhelms Exchanges and Fintech

▲ Lazarus, North Korean Hacker, Virtual Asset Hacking/AI Generated Image

North Korean-linked hacking organizations increased the scale of cryptocurrency theft by 51% in 2025, emerging as a key variable in cyber threats targeting exchanges, fintech companies, and the financial sector.

According to BeInCrypto on May 15 (local time), CrowdStrike's 2026 Financial Services Threat Landscape Report revealed that North Korean-linked hackers stole $2.02 billion worth of cryptocurrency in 2025. This represents a 51% increase from 2024. The report stated that North Korea-related operations pose a significant threat to cryptocurrency and fintech companies, and that the stolen funds are reportedly flowing into the North Korean regime's military programs.

The report analyzed that North Korean-linked cyber organizations more actively utilized artificial intelligence (AI) to expand their attacks on the financial sector. FAMOUS CHOLLIMA was found to have doubled the scale of its activities by infiltrating cryptocurrency exchanges, fintech companies, and private banks using AI-generated identities. STARDUST CHOLLIMA also targeted North American, European, and Asian fintech companies using AI-created recruiter profiles and manipulated video conferencing environments.

Adam Meyers, Head of Counter Adversary Operations at CrowdStrike, said, “Financial services organizations are under threat from all directions, and AI is making it more difficult to thwart every threat. The cost of creating plausible identities, automating reconnaissance, and accelerating credential theft is virtually zero.”

Ransomware and cyber espionage activities also increased pressure on the financial sector. CrowdStrike reported that 423 financial services victims were listed on dedicated leak sites during the investigation period, a 27% increase year-over-year. Global direct intrusion attacks increased by 43%, with a 48% surge in North America. Pressure continued in Q1 2026, with North America accounting for more than half of financial sector intrusion cases.

The report explained that as of Q1 2026, the financial services industry became the fourth most frequently targeted sector, accounting for 12% of all recorded activity. TRM Labs linked approximately $577 million in stolen funds from Drift Protocol and KelpDAO by April to North Korean organizations. However, North Korea denied claims related to cyber threats through the Korean Central News Agency (KCNA). The cryptocurrency industry has entered a new security phase combining AI-based identity spoofing, credential theft, and exchange infiltration.

*Disclaimer: This article is for investment reference only, and we are not responsible for any investment losses based on it. The content should be interpreted for informational purposes only.*