North Korean Hackers Drive Record $4 Billion Web3 Losses, Exposing Critical Operational Flaws

A staggering new report from cybersecurity firm Hacken reveals that North Korean hackers were responsible for over half of the estimated $4 billion lost from Web3 platforms in 2025. This alarming figure includes a monumental $1.5 billion stolen in a single breach of the cryptocurrency exchange Bybit, underscoring a critical shift in attack vectors: away from complex smart contract exploits and towards fundamental operational oversights like inadequate private key management. This trend has ignited urgent calls across the industry for the implementation of mandatory regulatory security standards.

Hacken’s recently published annual security report details a 37% surge in total Web3 losses, climbing from $2.85 billion in 2024 to $4 billion in 2025. Despite a challenging first quarter, which saw losses peak above $2 billion due to the Bybit incident in February, the year recorded 155 significant security incidents. Encouragingly, increased security awareness led to a notable reduction in losses, dropping to approximately $350 million by Q4.

Operational Negligence Outweighs Smart Contract Vulnerabilities

The report highlights a concerning dominance of access control failures and operational security breakdowns, which collectively accounted for $2.12 billion (54%) of the total losses. This figure dwarfs the $512 million attributed to smart contract vulnerabilities, signaling a fundamental shift in the threat landscape. “The largest and most difficult losses to recover continue to stem from weak private keys, compromised signers, and sloppy offboarding processes,” the report asserts, specifically citing poor practices such as single private key protocol management and insufficient endpoint detection as major culprits.

North Korea’s Growing Dominance in Crypto Theft

North Korea-linked groups, often state-sponsored and believed to fund weapons programs, were responsible for stealing an astonishing $2.02 billion—52% of all losses—marking a 51% increase from their 2024 gains. According to blockchain analytics firm Chainalysis, cumulative theft by these entities has now reached $6.75 billion since 2017. The Bybit incident, where hackers siphoned 401,000 ETH through a vendor security flaw, stands as the largest single cryptocurrency theft in history. While Bybit replenished its reserves post-hack, the event intensified scrutiny on centralized exchanges and their robust security protocols.

Industry Calls for Mandatory Standards and Enhanced Defenses

Yehor Rudystia, Head of Forensics at Hacken Extractor, emphasized that while regulators in regions like the US and EU are promoting “good” practices such as multi-signature wallets and anomaly detection, many companies in 2025 regrettably clung to insecure habits. He stressed the critical importance of “regular penetration testing, incident simulations, and independent audits,” advocating for penalties for non-compliance and improved threat intelligence sharing regarding North Korean tactics.

Yev Broshevan, Co-founder and CEO of Hacken, anticipates significant improvements in 2026 as current guidelines transition into mandatory requirements. He predicts that “dedicated signing hardware and monitoring tools” will become standard, significantly elevating the industry’s security baseline.

Aligning with Broader Industry Trends

Hacken’s findings resonate with other prominent industry reports. Chainalysis estimates total theft in 2025 at $3.4 billion, noting a dramatic rise in losses from compromised individual wallets, which jumped from 7.3% in 2022 to 44%. Similarly, CertiK reported $3.35 billion in losses, highlighting that despite a decrease in the number of incidents, the 37% increase in total value stolen underscores the severity of high-impact vulnerability attacks.

The urgency of the situation is palpable across social platforms, with users on X (formerly Twitter) advocating for rigorous audits and multi-sig setups, echoing the sentiment: “Security first or get rekt.” Hacken’s official account also issued a stark warning, describing centralized exchange intrusions and DeFi exploits as delivering “brutal” lessons.

The Future of Web3 Security: A Race Against Evolving Threats

As the Web3 ecosystem matures and the total cryptocurrency market capitalization approaches $4 trillion, experts caution that systemic risks could impede institutional capital inflow unless defenses are significantly bolstered. Hacken projects the emergence of “the safest standards” in 2026. However, with North Korean attack methodologies constantly evolving, the industry faces an ongoing race against increasingly sophisticated threats to safeguard digital assets and foster trust in the decentralized future.