North Korea spent $2 billion stolen from cryptocurrency exchanges and banks through hacker attacks to finance its weapons of mass destruction programs, according to a recent United Nations report.
DPRK hackers stole $2 billion from cryptocurrency exchanges and financial organizations through cyberattacks. The funds were used to finance weapons of mass destruction programs. Every year, North Korean hackers use increasingly sophisticated methods to attack financial services, according to the United Nations (UN) report, as Reuters recently noted.
Pyongyang continues to develop its nuclear and missile defense programs, although it has not carried out nuclear tests or intercontinental ballistic missile (ICBM) launches, says the UN Security Council sanctions committee. Third-party experts participated in the preparation of the report.
According to the report's authors, the DPRK "is using cyberspace to launch increasingly sophisticated attacks to steal funds from financial institutions and cryptocurrency exchanges to generate income." In addition, North Korean authorities use hackers to launder the stolen funds through cryptocurrencies.
"Cyber units of the Democratic People's Republic of Korea, many of which are run by the Office of General Intelligence, are raising funds for weapons of mass destruction (WMD) programs, which are currently estimated at $2 billion in total."
According to the report, there are "at least 35 registered cases in which the DPRK cyber units attacked financial institutions, crypto exchanges and mining farms to steal currencies." Organizations in approximately 17 countries became victims.
Attacks on cryptocurrency exchanges allowed North Korean hackers "to generate income in a way that is more difficult to track and are subject to less government supervision and regulation than the traditional banking sector." This matters because the decentralized nature of these networks means there is no central authority to freeze suspicious transactions or flag unusual wallet activity before the funds disappear into mixers and privacy coins.
The scale of these operations reveals just how much North Korea's strategy has shifted. Traditional sanctions were designed to cut off funding from trade, foreign investment, and banking relationships. When those channels tightened, Pyongyang turned to the digital frontier, where borders are porous and enforcement is fragmented across dozens of jurisdictions. Cyber theft became a reliable revenue stream that no single government could easily disrupt.
For the crypto industry, this is an uncomfortable reality. The same permissionless architecture that attracts entrepreneurs and developers also provides cover for state-sponsored crime. Exchanges and DeFi platforms now face pressure to strengthen compliance without undermining the openness that defines their value proposition. Some have responded with enhanced KYC procedures and transaction monitoring tools, but the cat-and-mouse game with well-funded state hackers shows no sign of slowing down.
"We urge all responsible states to take measures to counter North Korea's ability to perform malicious cyber activities that generate revenue and are used to finance its illegal programs to create WMD and ballistic missiles," said a spokeswoman for the State Department of the United States when answering a question about the UN report.
Going forward, the intersection of cybersecurity and geopolitical sanctions will only tighten. Blockchain analytics firms like Chainalysis and Elliptic have become essential partners for both exchanges and regulators attempting to trace stolen funds across chains. The $2 billion figure from this UN report is likely a snapshot of a much larger and ongoing campaign. As long as North Korea faces economic isolation and pursues nuclear ambitions, its hackers will keep innovating, and the crypto ecosystem will remain one of their primary hunting grounds.