Kim Jong Un’s cyber bandits pull off £1.1bn crypto mega-heist in biggest digital robbery ever
Kim Jong Un’s state-linked hackers have carried out a £1.1bn cryptocurrency theft, the largest digital heist ever recorded, quietly infiltrating a trusted platform and diverting funds before the breach was detected.
Hackers linked to North Korea carried out the largest cryptocurrency theft ever recorded last year, stealing $1.46 billion in a highly sophisticated cyber operation that shows how central digital crime has become to the regime’s funding strategy.
According to CrowdStrike’s 2026 Global Threat Report, the group behind the attack infiltrated a cryptocurrency infrastructure provider and secretly redirected funds during what appeared to be a routine transaction.
By the time the theft was discovered, the attackers had siphoned off digital assets worth $1.46bn.
The operation did not rely on smashing through security systems in dramatic fashion. Instead, the attackers compromised a software developer’s machine, stole credentials and quietly moved deeper into the company’s systems.
Once inside, they inserted malicious code into the platform used to manage cryptocurrency transactions.
That code altered the logic behind a legitimate transfer, rerouting funds to a wallet controlled by the attackers. Almost immediately afterwards, the hackers restored the original code, attempting to cover their tracks and delay detection.
Security researchers describe it as the largest single financial theft ever reported.
The report also warns that North Korean cyber activity is increasing sharply. Incidents linked to the regime rose by more than 130% last year, and activity from some of its most active hacking groups has more than doubled.
Unlike traditional cybercriminal gangs that steal for personal profit, North Korea’s hacking operations are widely believed to feed directly into state coffers.
Western officials have repeatedly warned that stolen cryptocurrency is being used to support weapons development and other sanctioned programmes.
The scale and precision of the attack highlight how modern cybercrime is no longer just about ransomware emails or lone hackers in bedrooms.
It increasingly resembles state-backed financial warfare, carried out quietly inside trusted systems that global markets rely on every day.