What 2025 Taught Us About North Korea’s Cryptocurrency Strategy
By Alec Zebrick, featured on NK News Podcast – February 12, 2026
In a revealing episode of the North Korea News Podcast, blockchain analytics expert Alec Zebrick delves into how North Korea has refined its cryptocurrency hacking tactics throughout 2025, marking the year as a record period for large-scale cyber heists. As senior manager of global services at Chainalysis and a seasoned investigator of North Korean cyber operations based in South Korea, Zebrick offers unique insights into the evolving DPRK-linked cyber threat landscape.
Shifting Tactics Toward High-Value Targets
Zebrick highlights a significant strategic shift in North Korean cyber activities during 2025. Instead of pursuing numerous smaller targets through a "spray-and-pray" approach commonly used by non-state cybercriminals, state-backed North Korean hackers are focusing on fewer, much larger targets with the potential for immense payoffs. This was exemplified by the high-profile breach of the cryptocurrency exchange Bybit last year, which resulted in substantial losses and demonstrated the DPRK’s growing sophistication and ambition in the cybercrime arena.
The focus on "high-impact" operations shows a maturing cyber strategy aimed at maximizing returns on investment, indicating a deliberate state-directed approach rather than ad-hoc criminal hacking. According to Zebrick, this evolution presents a far more significant threat to global cryptocurrency platforms and financial systems.
Evolving Attack Methods Beyond Phishing
Over the last year, North Korean cyber groups have advanced beyond basic phishing techniques. Instead, they employ more complex methodologies, including sophisticated exploitation of security vulnerabilities and innovative attack vectors tailored to cryptocurrency platforms. This evolution underscores the increasing technical capabilities of DPRK-affiliated hackers and their ability to adapt quickly to changing security environments.
The Role of Sanctions and Cross-Border Intelligence Sharing
Zebrick underscores that despite these growing threats, coordinated international efforts remain critical in mitigating risks. Sanctions targeting DPRK-linked entities and rigorous cross-border intelligence-sharing can curtail the operational capabilities of these cyber units. Such cooperation between governments, law enforcement agencies, and private sector actors is essential to dismantle illicit cryptocurrency operations and protect the integrity of global financial networks.
About Alec Zebrick
With a background as a U.S. detective and Secret Service task force officer, Alec Zebrick brings a wealth of experience to his role at Chainalysis, where he leads investigations into cryptocurrency crimes linked to North Korea. He has been instrumental in analyzing major DPRK-related hacks and has even briefed the U.N. Security Council on his findings. Based in South Korea, Zebrick remains at the forefront of efforts to understand and counter North Korea’s cyber activities.
Tune In
For a detailed discussion on these topics and more, listen to the full episode of the North Korea News Podcast featuring Alec Zebrick, available on NK News’s website and major podcast platforms. The conversation offers the latest expert perspective on how North Korea’s evolving crypto strategy shapes the broader cybersecurity and geopolitical landscape.
About the North Korea News Podcast
Hosted by Jacco Zwetsloot, this weekly podcast covers the latest developments in North Korea, featuring interviews with top analysts, experts, and insiders. It aims to provide listeners with in-depth understanding and analysis of DPRK issues from politics and military affairs to cyber threats and economics.
© 2026 NK News / Korea Risk Group. All rights reserved.
For more expert insights and updates on North Korean affairs, visit NK News.