TechFlow news: On May 12, Web3 security firm CertiK released its “Skynet North Korean Crypto Threat Report.” Data shows that since 2016, North Korean hacking groups have stolen approximately $6.75 billion in digital assets. In 2025 alone, losses from their thefts amounted to $2.06 billion—nearly 60% of the global crypto industry’s total annual losses (including the $1.5 billion Bybit hack). As of early 2026, this threat trend continues, accounting for roughly 55% of total losses.
The report emphasizes that North Korean hackers’ attack patterns have undergone a fundamental shift—from exploiting code vulnerabilities alone, to deploying a state-level attack framework integrating social engineering, deep supply-chain compromises, and even “physical infiltration.” In the recent Drift protocol incident, attackers spent six months infiltrating offline industry conferences, building trust through real-world capital investments and interpersonal interactions before launching their attack. CertiK security experts warn that against such systemic threats, purely technical defenses are insufficient. Crypto institutions must urgently adopt a comprehensive “zero-trust” hiring model, strengthen third-party supply chains, implement fund circuit-breaker mechanisms, and collaborate with specialized security firms to build an end-to-end defense system covering code audits, 24/7 risk monitoring, and on-chain anti-money laundering (AML) / KYT (Know Your Transaction) fund tracking.




