North Korea Crypto Cash-Out Calculator
Calculate Stolen Crypto Conversion
Based on North Korea's current success rates in converting stolen cryptocurrency to fiat currency.
Key Insights
- Current conversion rate 70%
- Projected by 2027 40%
- Amount stolen (2017-2025) $3,000,000,000
Data source: UN estimates and U.S. Treasury reports (2025)
Converted to Fiat:
$0.00
North Korea doesn’t steal cryptocurrency because it’s trendy. It does it because cryptocurrency is the only way left to move billions in cash without getting caught. While the world watches sanctions tighten, the regime has turned hacking into a state-run banking operation - one that turns digital tokens into real-world money for missiles, nukes, and military gear.
The Scale of the Theft
Between 2017 and 2025, North Korean hackers stole more than $3 billion in cryptocurrency. That’s not a typo. The biggest single heist? The $1.5 billion breach of Bybit in February 2025 - the largest in history. It didn’t take months to plan. It took hours. The hackers didn’t break into vaults. They tricked employees, exploited software bugs, and used fake identities to get access. Once inside, they moved fast. Within 72 hours, 87% of the stolen Ethereum had been converted into Bitcoin. Why Bitcoin? Because it’s the most liquid, the most accepted, and the hardest to trace once it’s mixed.These aren’t random cybercriminals. They’re part of the Lazarus Group - a state-backed hacking unit trained like soldiers. Their mission isn’t just to steal. It’s to convert. Every dollar they turn into cash helps fund North Korea’s weapons programs. The UN estimates that 20-30% of the regime’s foreign currency now comes from crypto. That’s more than exports, more than smuggling, more than any other illegal source.
The Cash-Out Process: Four Steps to Clean Money
Turning stolen crypto into cash isn’t as simple as withdrawing from an exchange. North Korea’s method is a multi-stage operation - like a heist movie, but with blockchain instead of safes.- Steal - 68% of attacks start with phishing, supply chain compromises, or fake job offers to get inside exchanges or wallets. The Atomic Wallet hack in 2023 stole $100 million from 4,100 users by poisoning a software update.
- Mix - Stolen coins are moved across multiple blockchains. Ethereum → Binance Smart Chain → Solana → Bitcoin. Each jump adds layers of confusion. By the time the money hits Bitcoin, it’s passed through at least three different networks. This is called ‘cross-chain bridging.’ In 2024 alone, $1.2 billion in North Korean-linked crypto flowed through bridges like Ren Bridge and Avalanche Bridge.
- Convert - Bitcoin is the middleman. It’s the most trusted, the most liquid, and the easiest to trade for cash. 82% of all stolen crypto ends up as Bitcoin before the final step.
- Cash Out - This is the hardest part. No legitimate exchange will take $100 million from a hacker without asking questions. So North Korea uses third-party networks with zero KYC. Think unregulated crypto cafes, gambling dens in Macau, and shell companies in Cambodia.
Cambodia: The Secret Cash-Out Hub
If you want to turn stolen crypto into real cash, you go to Cambodia. Specifically, to Sihanoukville - a coastal city where crypto cafes operate like convenience stores. There are at least 14 North Korea-controlled crypto shops there as of March 2025. No ID needed. No questions asked. You walk in with a QR code, hand over your digital wallet, and walk out with a stack of cash.The Huione Group, a Cambodian company linked directly to North Korean operatives, is the main player. FinCEN flagged Huione in May 2025 for laundering $37.6 million between 2021 and 2025. Their subsidiaries handle everything: Huione Guarantee runs scams, Huione Crypto issues untraceable stablecoins. These aren’t just front companies. They’re part of the regime’s financial infrastructure.
Why Cambodia? Because its financial regulators are underfunded, undertrained, and under pressure. The government needs foreign investment. So it looks the other way. Meanwhile, North Korean IT workers - posing as remote freelancers from Vietnam or India - work inside local exchanges, creating backdoors that let them move money in under 12 hours. Standard fraud checks take 72 hours. They’re already gone by then.
China and Macau: The Backup Plan
Cambodia isn’t the only option. China still plays a role, even with tighter controls. In February 2024, the U.S. Department of Justice indicted two Chinese nationals for moving $250 million in stolen crypto through 37 bank accounts. They used fake business invoices and shell companies to make it look like legitimate trade payments.Macau’s casinos are another weak spot. While regulated casinos in Las Vegas or Singapore require 95% KYC verification, some Macau venues accept crypto deposits with only 5% checks. A hacker can walk in with $5 million in Bitcoin, convert it to chips, play a few hands, then cash out as clean cash. It’s not glamorous, but it works. About 15% of North Korea’s stolen crypto flows through these venues.
The Human Factor: IT Workers as Bankers
North Korea doesn’t just rely on hackers. It uses thousands of IT workers abroad - engineers, developers, customer support reps - who work in legitimate companies across China, Russia, and Southeast Asia. They’re not spies. They’re employees. They show up to Zoom calls, file time sheets, and get paid in crypto.But behind their screens, they’re doing something else. They’re building backdoors. They’re giving hackers access to internal systems. They’re approving withdrawals that should never clear. In 2024, CSIS documented 27 cases where North Korean workers at Chinese exchanges enabled direct wallet-to-bank transfers with only 12 hours’ notice. That’s faster than any fraud detection system can react.
They use fake identities - mostly Indian or Vietnamese passports - to avoid suspicion. Their employers think they’re remote workers from Manila or Hanoi. In reality, they’re operating under orders from Pyongyang. The UN estimates these workers generate $600 million a year for the regime. That’s not a side hustle. It’s a state job.
Why Tornado Cash Is Gone - And What Replaced It
In 2022, the U.S. sanctioned Tornado Cash, the most popular crypto mixer. It had processed $1.2 billion in stolen funds since 2019. The shutdown forced North Korea to change tactics.They didn’t stop. They adapted. Instead of using one centralized mixer, they now flood the system. They run 400-500 tiny transactions a day across dozens of platforms. Each one is under $10,000 - below the reporting threshold. They use decentralized exchanges, automated bots, and DeFi protocols that don’t require identity checks. The goal isn’t to hide the money. It’s to overwhelm the system. By the time analysts trace one path, five others are already done.
Success rates have jumped from 65% in 2020 to 92% today. That’s because they’re no longer trying to be invisible. They’re trying to be too fast to stop.
The Crackdown - And Why It’s Not Working
The world is trying to shut this down. The Crypto-Asset Reporting Framework now forces exchanges in over 100 countries to share customer data. The U.S. Treasury has frozen hundreds of wallets. The UN has added names to sanctions lists.And yet, North Korea’s cash-out success rate dropped only 22% in Q1 2025 - not because they got caught, but because the window is shrinking. Only 3-5% of global exchanges still allow large, anonymous withdrawals. The rest are locked down.
So North Korea is building its own system. Crypto cafes. Stablecoin arbitrage. Custom cross-chain protocols. A March 2025 CSIS report revealed the regime is recruiting 37 blockchain developers from failed crypto startups to build private tools that can move $500 million without leaving a trail.
But here’s the catch: the longer they wait, the harder it gets. Every new regulation, every improved blockchain tracker, every international freeze makes it tougher. Treasury Secretary Janet Yellen says success rates could drop to 40% by 2027. But as Dr. Kim Heung Kwang, a defected North Korean computer scientist, warned: “The regime won’t stop until cryptocurrency is fully regulated - or gone.”
What Comes Next?
North Korea isn’t going to stop. They’ve invested too much. They’ve trained too many people. They’ve built too many backdoors.The next phase? Stablecoin laundering. Steal Ethereum. Convert it to USDC on a decentralized exchange. Move it to a regional exchange where USDC trades at a 2% premium. Cash out as dollars. No Bitcoin. No mixing. Just price differences exploited across borders. It’s clean. It’s legal on paper. And it’s already being tested.
For now, the money keeps flowing. The missiles keep being built. And the world keeps playing catch-up.
How much crypto has North Korea stolen?
Between 2017 and 2025, North Korean hackers stole over $3 billion in cryptocurrency, with the largest single theft being the $1.5 billion Bybit hack in February 2025. The regime has successfully converted $2.1 billion of that into fiat currency to fund its weapons programs.
How does North Korea turn crypto into cash?
North Korea uses a four-step process: steal crypto via phishing or exploits, move it across multiple blockchains to obscure its origin, convert it to Bitcoin for liquidity, and cash out through unregulated channels like crypto cafes in Cambodia, Macau casinos, or shell companies in China. They avoid exchanges with strict KYC rules by using third-party networks with little to no identity verification.
Why is Cambodia important for North Korea’s crypto cash-outs?
Cambodia, especially Sihanoukville, hosts at least 14 North Korea-controlled crypto cafes where stolen digital assets are exchanged for cash with no ID required. The Huione Group, linked to North Korean operatives, processes tens of millions in illicit crypto through these outlets. Cambodia’s weak financial oversight makes it the primary global hub for this type of laundering.
What role do North Korean IT workers play in crypto laundering?
Thousands of North Korean IT workers are stationed abroad in China, Russia, and Southeast Asia, working under fake identities at exchanges and fintech firms. They use their access to create backdoors that let hackers move funds in under 12 hours - faster than standard fraud detection systems. These workers generate an estimated $600 million annually for the regime by enabling direct wallet-to-bank transfers.
Why did North Korea stop using Tornado Cash?
Tornado Cash was sanctioned by the U.S. Treasury in September 2022 after processing $1.2 billion in stolen crypto. North Korea shifted to a ‘flood the zone’ strategy - running hundreds of small, high-frequency transactions across decentralized exchanges and cross-chain bridges to avoid detection. They now rely on speed and volume rather than centralized mixers.
Can blockchain analysis stop North Korea’s crypto laundering?
Blockchain analysis has improved by 40% since 2022, but North Korea’s adaptation speed has increased by 65%. They now convert 78% of stolen assets within 72 hours - faster than most investigations can be launched. While tracking has gotten better, the regime’s ability to exploit regulatory gaps in DeFi and cross-chain bridges keeps them ahead.
What’s the future of North Korea’s crypto cash-out operations?
North Korea is developing next-generation methods like stablecoin arbitrage - converting stolen crypto into USDC, exploiting price differences across regional exchanges, and cashing out as clean fiat with minimal trail. They’re also hiring blockchain developers to build custom cross-chain protocols that can move $500 million+ without leaving traces. But as global regulations tighten, success rates are projected to drop to 40% by 2027.
Ziv Kruger
December 2, 2025 AT 13:01Heather Hartman
December 3, 2025 AT 01:27Catherine Williams
December 4, 2025 AT 07:49Paul McNair
December 4, 2025 AT 08:40Mohamed Haybe
December 5, 2025 AT 11:27Steve Savage
December 6, 2025 AT 23:25