Last week's G7 summit in Évian-les-Bains, France, produced one notable first: world leaders formally placed North Korea's cryptocurrency operations inside the same communiqué paragraph as nuclear and ballistic missile threats. Not a task force, not new sanctions — just the explicit recognition that Pyongyang's crypto theft now belongs at the heads-of-state level.
The numbers behind that decision are hard to dismiss. Hacking groups affiliated with Pyongyang have taken $6.75 billion from the crypto sector since 2020. In 2025 alone the figure was $2 billion, representing 64% of all crypto stolen globally that year. The single largest operation: the Bybit breach in February 2025, which drained $1.5 billion in one shot.
CrowdStrike has named North Korea the largest threat group targeting crypto users by total value stolen. The proceeds aren't lifestyle spending — they fund the regime's missile and nuclear development programs directly. U.S. Treasury assessments have linked a meaningful share of North Korea's weapons budget to crypto theft and laundering operations.
But this is where honesty matters. The G7 communiqué contains no specific enforcement mechanisms. No mandatory exchange screening for DPRK-linked addresses, no coordinated framework against mixing services, no secondary sanctions against facilitators. Leaders "reiterated the need to jointly address" the problem — careful diplomatic phrasing that commits no one to anything concrete. Pyongyang responded predictably, calling the allegations "politically motivated slander" through state news agency KCNA.
The political signal still carries weight. Before Évian, crypto theft by North Korea was a subject for sanctions offices and threat-intelligence reports. After this summit, it's a G7 agenda item — which shifts real pressure onto exchanges and blockchain analytics firms to tighten screening of DPRK-flagged addresses voluntarily, ahead of any legislative mandate.



