North Korean operatives stole $2 billion last year—and financial firms are the next target | Fortune

North Korea’s army of cyber operatives stole a record $2 billion in digital assets last year, fueled by the largest financial theft ever reported—$1.46 billion stolen in a single operation from crypto exchange Bybit.

The attackers pulled off the heist by compromising a software developer’s laptop at a third-party platform the Dubai-based Bybit relied on, and then stealing the developer’s credentials and ultimately draining the assets from the exchange, according to the FBI.

That $1.46 billion payload was the most spectacular strike in what turned out to be a record 2025. North Korea-linked cyber groups stole a combined $2.02 billion last year, up 51% year-over-year, according to a new CrowdStrike report shared with Fortune ahead of its release on Thursday. The stolen billions were almost certainly laundered and will be used to fund the regime’s military and nuclear weapons programs, the 2026 Financial Services Threat Landscape Report states.

With the success of 2025 in the rear view, operatives from the Democratic People’s Republic of Korea (DPRK) are zeroing in on the financial services industry, CrowdStrike found. The latest findings, which cover activity observed from April 2025 through March 2026, reveal that North Korean adversaries have become the most prevalent state-sponsored intrusion threat facing financial firms, consumer banks, and related providers in the financial services sector.