The hack on February 21 represented a quantum leap in the scale and sophistication of cyber operations emanating from North Korea, according to a report released last month by American blockchain analysis firm Chainalysis.
It accounted for nearly 70 per cent of all stolen digital assets globally in the first half of 2025 – laying bare the widening security cracks in Asia’s digital ecosystem and signalling the arrival of a new era of cybercrime that is increasingly targeting victims around the globe, from Bybit’s Dubai headquarters to the United States and beyond.
Last year, North Korea-linked cybercriminals were responsible for an estimated US$1.3 billion in losses, then the highest figure on record. But this year is shaping up to be even worse for the victims, with Pyongyang’s state-sponsored hackers on track to reap even greater illicit rewards, according to the Chainalysis report.
Experts warn that the sheer size of the Bybit heist is not the most alarming element. The degree of technical proficiency, coupled with clear signs of state involvement, have raised concerns that the stolen funds are being funnelled directly into North Korea’s arms and weapons programmes, fuelling instability far beyond the digital realm.
“While North Korea typically doesn’t claim responsibility for these cyber exploits, extensive evidence has linked them to sophisticated hacking groups like the Lazarus Group,” Diederik van Wersch, regional director for Asean at Chainalysis, told This Week in Asia.
“These aren’t merely cybersecurity incidents, they represent significant national security concerns,” van Wersch warned. “The UN has confirmed that North Korea uses these stolen funds to finance its weapons programmes, making these attacks a direct threat to international security.”
Pyongyang has never officially acknowledged any connection to the Lazarus Group, but it is believed to be unique in its state-directed quest for financial gain through hacking. Its operations, which include advanced social engineering and the infiltration of crypto platforms via compromised IT staff, have set a new standard for financial cybercrime.
Asia: cybercrime epicentre?
“It seems likely that this phenomenon could inspire other countries, particularly those facing political instability or sanctions, to engage in similar activities,” he said. “However, replicating North Korea’s capabilities requires significant investment in cyber infrastructure and expertise, which may be challenging.”
Research suggests that while North Korea leverages a mixture of services to launder its gains, other nations that lack its technical sophistication would indeed struggle to emulate its success.
The technical prowess of Pyongyang’s hackers was now such that it allowed them to “target even well-versed cybersecurity professionals”, Lian said, adding that their increasingly elaborate laundering networks complicated the recovery of stolen assets.
According to Chainalysis, 2025 has seen a marked expansion of cybercriminal activities: more laundering, larger cross-border networks and a disturbing rise in physical violence.
‘Wrench attacks’
For the hackers’ victims the pain can be both financial and physical. Chainalysis in its report described a “particularly disturbing subset” of recent thefts known as “wrench attacks”.
Far less sophisticated than the image of an invisible hand picking the digital pockets of unsuspecting crypto adopters, these actual assaults rely on violence and threats of force to extract assets from victims.
A decade on and the “velocity and consistency” continues to grow exponentially, Chainalysis warns. It took hackers just 142 days this year to surpass the US$2 billion mark in global losses, compared to 214 days in 2022. At this rate, total losses could exceed US$4.3 billion by year’s end, the report warned.
Chainalysis data shows that attackers are now deliberately targeting high-value individual wallets, with bitcoin theft accounting for a disproportionate share of losses. As asset values rise, the incentive for thieves grows ever larger.
“The current crypto market momentum also presents increased opportunities for attackers,” van Wersch said, adding that the liquidity and cross-border nature of digital tokens made them especially attractive targets.
Experts warn that advanced economies such as South Korea and Japan are especially exposed to hacks due to their proximity to North Korean actors and their thriving crypto markets, while emerging economies like Indonesia are also at risk as digital finance gains in popularity.
“Geopolitical tensions may motivate North Korea to target these nations, as seen in reports linking attacks to historical adversaries,” Lian said of Japan and South Korea.
Building smarter defences
Amid the surge in cybercrime, there are signs of hope. Advances in tracing cryptocurrency transactions now allow for near-instant tracking of funds and the transparency of blockchain technology provides some measure of visibility into illicit flows.
“As jurisdictions like Hong Kong move forward with progressive stablecoin legislation, the focus should be on building robust security alongside innovation,” van Wersch said.
“The key is implementing sophisticated real-time threat monitoring systems and leveraging advanced blockchain analytics that can help prevent attacks before they occur.”
Real-time monitoring and predictive technologies are set to become indispensable, as hackers probe for vulnerabilities across the region’s digital infrastructure. Crypto exchanges, in turn, must demonstrate to regulators and users alike that they can safeguard funds against increasingly resourceful adversaries, according to van Wersch.
Jake Sims, founding partner of Operation Shamrock – a global coalition working to disrupt Southeast Asian cybercrime networks – stressed the complexity of taking on state-linked actors, as well as the risks of financial contagion.
“The use of crypto for laundering cyber-scam proceeds certainly erodes public and regulatory confidence in digital assets,” he said. “Unresolved enforcement gaps in Southeast Asia risk contaminating broader digital finance ecosystems.”
Regional rival Singapore, meanwhile, was recently named as one of the most crypto-obsessed countries globally, after research from digital asset exchanges ApeX Protocol and Taurex found nearly one in four Singaporeans owned cryptocurrency in 2024.
Recent high-profile attacks have exposed the urgency with which robust defences need to be built. In July last year, US$235 million was stolen from Indian crypto exchange WazirX by North Korean hackers masquerading as legitimate users – a breach that ultimately led to the closure of the platform and a restructuring plan by its Singapore-based parent Zettai.
Lian said such incidents had exposed persistent weaknesses in the security of even major exchanges and risked provoking a regulatory backlash that could stifle digital innovation.
Experts are now calling for regional and international cooperation, from establishing intelligence-sharing platforms to harmonising cryptocurrency regulation, to help reduce risks.
A “harm minimisation approach” targeting revenue streams and increasing reputational costs and legal expenses for jurisdictions that host cybercriminals was another option, Sims said.
Regulators needed to strengthen both domestic security and cross-border collaboration, he argued, possibly through task forces operating outside the Association of Southeast Asian Nations.
“A subregional task force outside formal Asean structures may actually be more effective for constraining harms emerging in high-risk contexts, like Cambodia where political will is lacking,” Sims said.
Despite differing international treatment, Sims said that North Korea and Cambodia shared “significant similarities … in terms of the degree of consolidated coercive power, the degree of state involvement in criminal activity, and the global reach of state-embedded criminal industries”.
So what of Asia’s digital future? While new tools built using artificial intelligence can flag scam scripts and analyse transaction patterns for signs of deep-faked identities, Sims cautioned that technology alone was insufficient to combat cybercrime.
“These tools will need to be complemented by human intelligence, as well as policy reforms and enforcement mechanisms,” he said. “Without political will and cross-border cooperation, AI and other technological interventions will only offer partial mitigation.”
For now, it would seem that no one is immune. The Bybit hack may have set a new record, but it is unlikely to be the last. Asia’s digital future will depend on what happens next.
Anndy Lian is an early blockchain adopter and experienced serial entrepreneur who is known for his work in the government sector. He is a best selling book author- “NFT: From Zero to Hero” and “Blockchain Revolution 2030”.
Currently, he is appointed as the Chief Digital Advisor at Mongolia Productivity Organization, championing national digitization. Prior to his current appointments, he was the Chairman of BigONE Exchange, a global top 30 ranked crypto spot exchange and was also the Advisory Board Member for Hyundai DAC, the blockchain arm of South Korea’s largest car manufacturer Hyundai Motor Group. Lian played a pivotal role as the Blockchain Advisor for Asian Productivity Organisation (APO), an intergovernmental organization committed to improving productivity in the Asia-Pacific region.
An avid supporter of incubating start-ups, Anndy has also been a private investor for the past eight years. With a growth investment mindset, Anndy strategically demonstrates this in the companies he chooses to be involved with. He believes that what he is doing through blockchain technology currently will revolutionise and redefine traditional businesses. He also believes that the blockchain industry has to be “redecentralised”.