When you think of North Korea crypto, state-backed cryptocurrency operations used to evade global financial sanctions and fund military programs. Also known as DPRK cryptocurrency, it's not about innovation—it's about survival. While most countries regulate crypto, North Korea treats it like a weapon. The regime doesn't want you to buy Bitcoin. It wants to steal it.
Behind the scenes, North Korean hacking groups, state-sponsored cyber units like Lazarus Group and Andariel. Also known as Lazarus Group, they've stolen over $3 billion in crypto since 2017. They don't break into banks. They break into wallets, exchanges, and DeFi protocols. Their targets? Coinbase, Binance, and even small DeFi platforms with weak security. They use phishing, smart contract exploits, and fake airdrops to trick users into handing over keys. This isn't random crime. It's a coordinated effort backed by the Ministry of State Security.
They also run crypto mining farms, hidden operations powered by stolen electricity and foreign hardware. Also known as DPRK mining networks, they mine Bitcoin and Monero to convert digital assets into hard cash. These farms sit in underground bunkers, running nonstop, often using power siphoned from neighboring countries. They don't care about green energy. They care about liquidity. And they've turned crypto mining into a national industry—bigger than any legal sector in North Korea.
Then there are the fake tokens. Projects like North Korea crypto scams—tokens with names like NKCoin, DPRKToken, or KimCoin—pop up on low-tier exchanges. They promise high returns. They have no team. No code. No future. But they lure in unsuspecting traders from Southeast Asia and Africa. These tokens aren't meant to succeed. They're meant to be dumped. The regime uses them to wash stolen funds and create false market activity. It’s financial illusion on a national scale.
And it works. While the UN and U.S. Treasury slap sanctions on North Korean entities, crypto moves faster than diplomacy. Blockchain is anonymous. Transactions are irreversible. Once stolen coins hit mixers or cross-chain bridges, they vanish. Even when the U.S. freezes a wallet, the hackers already moved the funds. And they’re always adapting—using privacy coins, layer-2 solutions, and even NFTs to hide their trail.
This isn't science fiction. It's real. In 2022, the Lazarus Group stole $625 million from Axie Infinity’s Ronin Bridge. In 2024, they targeted a Korean DeFi project and walked away with $120 million. These aren’t one-off heists. They’re part of a daily operation. The regime doesn’t need to build a strong economy. It just needs to steal enough to keep its nukes funded and its elite fed.
For regular crypto users, this means one thing: trust no one. If a token sounds too good to be true—especially if it’s tied to a country under sanctions—it probably is. Check the team. Check the audits. Check the liquidity. If it’s zero, walk away. North Korea doesn’t care if you lose money. They’re counting on it.
Below, you’ll find real cases of crypto scams tied to state actors, exchanges that got hacked by DPRK hackers, and the tokens you should avoid at all costs. These aren’t theories. They’re documented attacks—with names, dates, and dollar amounts. Know what to look for. Stay safe.
In 2025, North Korean hackers stole over $2.1 billion in crypto using fake IT workers and global laundering networks. The U.S. has responded with sweeping OFAC sanctions targeting the people, companies, and infrastructure behind the thefts.
Read More