Takeaways from MSMT’s Report on DPRK Cyber Operations
Contents
On October 22, 2025, the Multilateral Sanctions and Measures Team (MSMT) released its comprehensive “Report Covering DPRK Cyber and IT Worker Activities,” revealing insights into North Korea’s evolving cyber operations. As a key contributor to this initiative, Chainalysis provided critical blockchain intelligence that helped uncover the scale and sophistication of the DPRK’s threats.
Below are five key takeaways from the report:
1. Cryptocurrency theft has reached industrial scale
MSMT’s report highlights that DPRK has stolen an estimated $2.8 billion in cryptocurrency between January 2024 and September 2025 alone. The most dramatic example is February’s $1.5 billion Bybit exchange heist by the RGB’s “TraderTraitor” group. However, unlike typical cybercriminals who prioritize stealth movement, DPRK actors move stolen funds openly across chains, suggesting they feel increasingly untouchable in the digital space.
2. Their laundering networks are expanding
Our analysis reveals that the DPRK’s stolen funds follow increasingly diverse paths from sophisticated mixing services to a growing network …
Below are five key takeaways from the report:
1. Cryptocurrency theft has reached industrial scale
MSMT’s report highlights that DPRK has stolen an estimated $2.8 billion in cryptocurrency between January 2024 and September 2025 alone. The most dramatic example is February’s $1.5 billion Bybit exchange heist by the RGB’s “TraderTraitor” group. However, unlike typical cybercriminals who prioritize stealth movement, DPRK actors move stolen funds openly across chains, suggesting they feel increasingly untouchable in the digital space.
2. Their laundering networks are expanding
Our analysis reveals that the DPRK’s stolen funds follow increasingly diverse paths from sophisticated mixing services to a growing network …