Spy Tricks: How Digital Thieves Used Chat and Code to Steal Millions

North Korea’s cyber teams have quietly cleaned out more than $6 billion from crypto since 2017, and 2026 alone has already added nearly $600 million to that total. Instead of just guessing passwords or sending phishing links, these operatives now spend months face-to-face with targets, building trust and picking up small details. In one case, undercover agents met repeatedly with staff at a trading platform called Drift until they found the perfect moment to slip past the digital locks. What makes these infiltrations tricky is the mix of old-school socializing and new digital tools. Hackers no longer sit in dark rooms typing furiously; they sit across from employees in cafes, asking friendly questions while scanning every screen in reach. Once inside, they act fast—emptying wallets with keys they secretly copied or exploits they kept secret until the right time. A single leaked password at Wasabi Protocol let thieves walk away with $4. 5 million in minutes, proving even simple oversights can lead to huge losses.

Stealing the money is only the first step for these groups. North Korea’s hackers then carefully turn crypto into untraceable cash using bridges and mixers run by intermediaries. In one big heist, $292 million vanished from KelpDAO when a known weak spot wasn’t fixed fast enough. Instead of quietly converting funds, the hackers sent the money through networks where Chinese brokers handled the dirty work, following an old playbook that mixes face-to-face deals with anonymous transfers. The pattern shows how online crime has grown up. Years ago, attacks were loud and quick—millions gone in seconds. Today’s thefts unfold like spy movies: long waits, careful planning, and multiple layers. The groups behind these hits also share tricks, copying each other’s money routes and timing. Some move funds immediately; others wait years before touching a stolen coin. Either way, crypto’s wild west still offers plenty of chances to vanish into the digital dark.

Actions