North Korean Hackers Steal $2 Billion in Crypto: Surge in High-Value Attacks and Personal Wallet Breaches

December 18, 2025
  • US policymakers are scrutinizing the issue, with calls for investigations into how illicit actors use DeFi protocols to fund illicit activities.

  • Looking ahead to 2026, the DPRK is expected to continue seeking vulnerabilities, pressuring centralized exchanges and evolving attack vectors across protocols like Balancer and Yearn to maximize returns while evading sanctions.

  • Officials warn that deterrence is hampered by North Korea’s isolation and ongoing sanctions, implying continued illicit financing through cybercrime.

  • In 2025, North Korean hackers stole a record $2.02 billion in cryptocurrency, up 51% from the previous year, bringing their total since the start of the decade to about $6.75 billion and accounting for 158,000 personal wallet hacks.

  • Although the number of known incidents fell, losses were larger on average, driven by a major Bybit breach in March and a shift toward high-value attacks against large services.

  • Personal-wallet compromises surged, with roughly 80,000 unique victims affected and 158,000 incidents, representing about 20% of the year’s value stolen, while losses from individual wallets declined overall due to smaller per-incident amounts.

  • There is a notable shift away from DeFi protocols toward personal wallets and centralized services, with persistent use of fake IT workers and social engineering to access targets.

  • High-value targets remain AI and blockchain firms, as attackers seek to understand internal workflows and security gaps to maximize impact.

  • Security researchers report DPRK operators recruiting collaborators via freelance platforms to expand operations, instructing them on credential sharing and account manipulation so that operators can act under victims’ verified identities.

  • Law enforcement and the private sector are urged to disrupt funds quickly through rapid, industry-wide cooperation to counter high-impact exploits.

  • Venus Protocol’s rapid security response—enabled by Hexagate monitoring, a swift protocol pause, force-liquidation, and governance-based asset freezes—demonstrates tangible security improvements in DeFi.

  • Despite rising security in DeFi and capital returning to the space, overall hacking risk remains, as threats persist from large exchanges and individual wallets.

Summary based on 11 sources
