North Korean hackers stole 3 trillion won this year... AI begins tracking fingerprints

North Korea’s virtual asset theft this year has reached approximately 3 trillion Korean won, and the national-level cyber threats have once again drawn attention. Notably, although the number of attacks has decreased, the damages caused are even greater, and AI-based tracking technology is becoming the main method for tracing North Korean hackers.

According to global blockchain data analysis firm Chainalysis, North Korea-related hacker groups stole at least $2.02 billion (about 3 trillion Korean won) worth of virtual assets in 2025. This represents a 51% increase from the previous year, primarily due to more sophisticated attack methods. Of the stolen funds, North Korea accounts for about 60% of the total losses from cryptocurrency hacking attacks.

North Korean hackers have shifted their strategy, no longer conducting indiscriminate attacks as in the past, but instead focusing on a few high-value targets. They conduct long-term reconnaissance on centralized exchanges or bridge platforms with weaker transparency, then extract large amounts of funds through single attacks. Afterwards, they split these funds and transfer them across thousands of wallet addresses, a process known as “peeling chain.” This is a money laundering technique that involves repeatedly splitting and transferring small amounts to hide the origin of funds, similar to peeling an onion.

Interestingly, even in such complex disguised fund flows, AI technology can detect certain “behavioral patterns.” AI does not focus on individual transactions designed to leave no trace but combines dozens of factors such as timing, frequency, transfer structure, and remittance methods to learn the “behavioral signature” of specific groups. For example, if funds are consolidated at specific times after months of dormancy or if transaction amounts are regularly split, analysis suggests a high likelihood of links to North Korean affiliated organizations.

Experts point out that traditional anti-money laundering systems in finance typically only capture transactions above a certain amount, whereas AI tends to flag overly regular small-scale splits as suspicious. This means that, compared to single large transfers, repetitive small transactions leave a clearer “fingerprint.” This reveals that North Korean hackers’ meticulous calculations can actually expose their weaknesses in front of AI.

Virtual asset hacking has gone beyond mere economic losses and may evolve into security crises, increasing international concern. The U.S. Treasury Department and the UN sanctions committee warn that North Korea’s cybercrime proceeds are actually being used to fund nuclear weapons and ballistic missile development. Ultimately, as AI rises to become the core tool for virtual asset monitoring, the role of digital technology in cybersecurity is expected to become increasingly important.