North Korean Hackers Stole Over $2 Billion in Crypto in 2025, Sparking Call for Aggressive Fund Recovery

North Korean-linked hackers stole a record-breaking $2.02 billion in cryptocurrency in 2025, marking a 51% increase from the previous year and pushing their cumulative haul to an estimated $6.75 billion. This surge in illicit activity has prompted a controversial proposal from a social media user identified as "Tay 💖" to actively intercept and recover these funds by exploiting "single points of failure" within decentralized finance (DeFi) protocols where the stolen assets are believed to reside.

"The hackers are currently sitting on Ethereum and Arbitrum. They will use a number of 'DeFi' things that have a number of single-points-of-failure. Identify those single points of failure RIGHT NOW. Use them to intercept these funds and rug DPRK and get this fucking money back," Tay 💖 stated in a recent tweet.

The substantial thefts are primarily attributed to groups like Lazarus, which are sponsored by the Democratic People's Republic of Korea (DPRK) to fund its nuclear weapons and missile programs amid tightening international sanctions. These groups have increasingly targeted centralized exchanges and, to a lesser extent, DeFi protocols, employing sophisticated tactics including supply-chain attacks and human manipulation to gain access to funds. The $1.5 billion breach of Bybit in February 2025, the largest single crypto theft on record, exemplifies the scale of these operations.

Tay 💖's proposal asserts that "Literally EVERY. SINGLE. THING. they use has single points of failure. I guarantee it. 100% confidence." The tweet adds that "Teams should do this right now" and should subsequently "fully eliminate those single points so that they can't be used to steal money from anyone ever again." This highlights a tension between the desire for fund recovery and the foundational principles of decentralization in blockchain technology.

While the exact nature of these "single points of failure" in DeFi is debated, potential vulnerabilities can include centralized governance mechanisms, oracle manipulation, smart contract bugs, or reliance on centralized bridges and custodians. Such methods, if exploited for fund recovery, could set a contentious precedent within the crypto ecosystem, potentially undermining trust in decentralized systems. The call for action underscores the growing urgency within the crypto community to address the significant financial threat posed by state-sponsored hacking groups.