North Korean hackers have pilfered billions of dollars by breaking into cryptocurrency exchanges and creating fake identities to get remote technology jobs at foreign companies, according to an international report on North Korea’s cyber capabilities.
Officials in Pyongyang orchestrated the clandestine work to finance research and development of nuclear arms, the authors of the 138-page report found. The review was published by the Multilateral Sanctions Monitoring Team, a group that includes the U.S. and 10 allies and was set up last year to observe North Korea’s compliance with U.N. sanctions.
North Korea also has used cryptocurrency to launder money and make military purchases to evade international sanctions tied to its nuclear program, the report said. It detailed how hackers working for North Korea have targeted foreign businesses and organizations with malware designed to disrupt networks and steal sensitive data.
Despite its small size and isolation, North Korea has heavily invested in offensive cyber capabilities and now rivals the Chinese Communist Party (CCP) and Russia when it comes to the sophistication and capabilities of its hackers, posing a significant threat to foreign governments, businesses and individuals, the investigators concluded.
Unlike the CCP, Russia and Iran, North Korea has focused much of its cyber capabilities to fund its government, using cyberattacks and fake workers to steal and defraud companies and organizations elsewhere in the world.
Aided in part by allies in Russia and the CCP, North Korea’s cyber actions have “been directly linked to the destruction of physical computer equipment, endangerment of human lives, private citizens’ loss of assets and property, and funding for the DPRK’s unlawful weapons of mass destruction and ballistic missile programs,” the report said, using the acronym for North Korea’s official name, the Democratic People’s Republic of Korea.
The monitoring group is made up of the U.S., Australia, Canada, France, Germany, Italy, Japan, the Netherlands, New Zealand, South Korea and the United Kingdom. It was created last year after Russia vetoed a resolution directing a U.N. Security Council panel of experts to monitor Pyongyang’s activities. The team’s first report, issued in May, looked at North Korea’s military support for Russia.
In 2025, hackers linked to North Korea carried out one of the largest crypto heists ever, stealing $1.5 billion worth of Ethereum from Bybit. The FBI linked the theft to a group of hackers working for the North Korean intelligence service.
Federal authorities also have alleged that thousands of IT workers employed by U.S. companies were North Koreans using assumed identities to land remote work. The workers gained access to internal systems and funneled their salaries back to North Korea’s government. In some cases, the workers held several remote jobs at the same time.